{
  "name": "Fake call logs, real payments: How CallPhantom tricks Android users",
  "slug": "fake-call-logs-real-payments-how-callphantom-tricks-android-users",
  "description": "ESET researchers discovered 28 fraudulent Android applications on Google Play, collectively named CallPhantom, that falsely claimed to provide call histories, SMS records, and WhatsApp logs for any phone number. These apps were downloaded over 7.3 million times before removal, primarily targeting users in India and the Asia-Pacific region. The apps generate fabricated data using hardcoded names and random phone numbers, displaying this fake information only after payment. CallPhantom employs three payment methods, with some bypassing Google Play's official billing system through third-party UPI payments or direct card entry, making refunds difficult. The scam exploits user curiosity about private information, charging between \u20ac5 and $80 for worthless subscriptions that deliver entirely fabricated communication data.",
  "published": "2026-05-07T15:05:03+00:00",
  "created_at": "2026-05-07T15:05:03+00:00",
  "modified_at": "2026-05-08T07:20:02+00:00",
  "created_at_opencti": "2026-05-07T15:05:03+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2026-05-07",
    "android fraud",
    "callphantom",
    "fake call history",
    "fraudulent apps",
    "google play",
    "india targeting",
    "subscription scam",
    "upi payment"
  ],
  "related_entities": {
    "malware": [
      {
        "id": "legacy:malware:4469c1d24eb45c03",
        "name": "CallPhantom",
        "slug": "callphantom"
      }
    ],
    "others": [
      {
        "id": "",
        "name": "India"
      },
      {
        "id": "",
        "name": "British Indian Ocean Territory"
      }
    ]
  },
  "external_refs": [
    "https://www.welivesecurity.com/en/eset-research/fake-call-logs-real-payments-how-callphantom-tricks-android-users/",
    "https://otx.alienvault.com/pulse/69fcc63f67fc5f79f089ed5c"
  ]
}