Fake call logs, real payments: How CallPhantom tricks Android users
Essential information
- Published
- 07/05/2026 17:05
- Modified
- 08/05/2026 09:20
- Tags
- 2026-05-07 android fraud callphantom fake call history fraudulent apps google play india targeting subscription scam upi payment
- Related entities
- 1 malware, 2 others
Description
ESET researchers discovered 28 fraudulent Android applications on Google Play, collectively named CallPhantom, that falsely claimed to provide call histories, SMS records, and WhatsApp logs for any phone number. These apps were downloaded over 7.3 million times before removal, primarily targeting users in India and the Asia-Pacific region. The apps generate fabricated data using hardcoded names and random phone numbers, displaying this fake information only after payment. CallPhantom employs three payment methods, with some bypassing Google Play's official billing system through third-party UPI payments or direct card entry, making refunds difficult. The scam exploits user curiosity about private information, charging between €5 and $80 for worthless subscriptions that deliver entirely fabricated communication data.