Fraudulent Call History Apps Deceive Users, Racking Up Over 7.3 Million Downloads on Google Play Store
Cybersecurity researchers have identified a significant threat in the form of fraudulent applications on the Google Play Store, which falsely claimed to provide access to call histories for any phone number. These deceptive apps have collectively amassed over 7.3 million downloads, with one app alone accounting for more than 3 million before being removed from the platform. The operation, dubbed CallPhantom by Slovakian cybersecurity firm ESET, primarily targeted Android users in India and the Asia-Pacific region.
The Mechanics of Deception
The fraudulent apps, which ESET has labeled as CallPhantom, promised users access to call histories, SMS records, and even WhatsApp call logs. Users were required to pay a fee to unlock these features, but in reality, they received only randomly generated data. Lukáš Štefanko, a security researcher at ESET, stated, “The offending apps purport to provide access to call histories… To unlock this supposed feature, users are asked to pay — but all they get in return is randomly generated data.”
The apps were designed to create a false sense of trust, with at least one being published under the developer name “Indian gov.in.” This tactic aimed to mislead users into downloading the applications, believing they were legitimate.
List of Identified Fraudulent Apps
The following is a list of some of the identified fraudulent applications:
- Call history: any number deta (calldetaila.ndcallhisto.rytogetan.ynumber)
- Call History of Any Number (com.pixelxinnovation.manager)
- Call Details of Any Number (com.app.call.detail.history)
- Call History Any Number Detail (sc.call.ofany.mobiledetail)
- Call History Of Any Number (com.basehistory.historydownloading)
- Phone Call History Tracker (com.phone.call.history.tracke)
- Call History Pro (com.all_historydownload.anynumber.callhistorybackup)
These applications exploited users’ trust and financial resources, with subscription plans ranging from approximately $6 to $80.
Payment Mechanisms and User Impact
The payment methods employed by these apps included subscriptions via Google Play’s official billing system and third-party applications that support Unified Payments Interface (UPI), a widely used payment system in India. Notably, these third-party applications include popular platforms like Google Pay, PhonePe, and Paytm. Some apps also embedded their own payment card checkout forms, violating Google’s policies.
In one instance, users who attempted to exit the app without making a payment received deceptive notifications claiming that a call history had been sent to their email. Clicking on these notifications redirected users to a subscription screen, further entrenching them in the scam.
Users who fell victim to these fraudulent schemes may have had their subscriptions canceled after the apps were removed from the Google Play Store. However, refunds for purchases made through third-party payment systems remain uncertain, leaving victims reliant on external payment providers.
Broader Implications and Related Threats
The emergence of these fraudulent apps highlights a growing trend in cybercrime, particularly in the Asia-Pacific region. ESET’s findings coincide with a broader fraud campaign in Indonesia, where bad actors reportedly stole an estimated $2 million by impersonating trusted brands, including the country’s tax platform, CoreTax. This campaign, which began in July 2025, has been linked to a financially motivated threat cluster known as GoldFactory.
Group-IB has indicated that the attack chain integrates various tactics, including phishing websites, social engineering via WhatsApp, and voice phishing (vishing). These methods aim to achieve full device compromise and unauthorized financial transfers. The malware infrastructure supporting this fraud campaign has been observed abusing over 16 trusted brands, collectively targeting Indonesia’s population of approximately 287 million.
Conclusion
The fraudulent call history apps serve as a stark reminder of the vulnerabilities present in mobile application ecosystems. The deceptive tactics employed by these apps, combined with the ease of access to payment systems, underscore the need for heightened vigilance among users. Cybersecurity experts emphasize the importance of scrutinizing app permissions and developer credentials before downloading applications.
For further insights into this ongoing issue and other cybersecurity developments, please refer to the original reporting source: The Hacker News.


