
A massive scam campaign, dubbed “CallPhantom,” tricked millions into paying for fabricated call histories, SMS records, and WhatsApp call logs.
Security researchers identified 28 of these malicious applications on the Google Play Store. Together, they accumulated over 7.3 million downloads before Google removed them following a detailed security report.
Fake Call Apps Explode
The CallPhantom apps lured users by claiming an impossible feature: revealing the private communication history of any phone number.
However, these apps lacked the technical capability or permissions to retrieve real call or SMS data. Instead, they generated completely fake information to deceive victims.
Some of the apps contained hardcoded names, call durations, and phone numbers embedded directly within their software code.
When a victim used the app, it simply combined these fixed templates with randomly generated numbers to create the illusion of a legitimate call log.
To view the full records, users were forced to pay a subscription fee. Other versions of the app required users to provide an email address, claiming the retrieved data would be sent there only after they paid.
In some aggressive cases, users who tried to exit the application without subscribing received deceptive notifications styled to look like new emails.
These alerts falsely stated that the requested call history was ready, tricking users into returning to the payment screen.
The requested fees varied greatly across the 28 apps, with basic tiers averaging €5 and premium subscriptions reaching up to US$80.
The operators behind the CallPhantom campaign primarily targeted mobile users in India and the broader Asia-Pacific region.
To maximize their profits and complicate refund efforts, many of these apps intentionally bypassed Google Play’s official billing system.
While some apps used Google’s standard in-app purchases, others aggressively pushed users toward third-party payment platforms, such as India’s UPI system. Some applications even included payment card checkout forms directly within the app’s interface.
According to WeLiveSecurity research, using third-party payment methods violates Google Play policies and exposes victims to significant financial risks.
It also makes it much more difficult to recover lost money. For users who paid through the official Google Play billing system, active subscriptions were automatically canceled when Google took down the 28 apps.
These victims may also be eligible for refunds by checking their payment settings in the Play Store app.
Unfortunately, users who paid via external links, UPI apps, or direct card entry cannot receive refunds through Google. They will need to contact their external payment providers or banks directly to report the fraud.
The post 28 Fake Call History Apps Hit 7.3M Downloads On Google Play appeared first on Cyber Security News.
