Fake Call-Logging Apps Stealing Money? How to Spot & Remove Them Immediately

May 25, 2026 Rachel Kim – Technology Editor Technology

Google Play has removed 28 fraudulent Android applications collectively downloaded more than 7.3 million times, after cybersecurity firm ESET uncovered a coordinated scam that tricked users into paying for fabricated call history, SMS records, and WhatsApp logs. The operation, dubbed CallPhantom by ESET researchers, targeted users primarily in India and the broader Asia-Pacific region, with many apps pre-configured to accept payments through the country’s Unified Payments Interface (UPI).

ESET’s investigation traced the scam to apps falsely advertising access to call logs for any phone number, including those outside the user’s device. Once installed, victims were prompted to pay for features that did not exist—the apps generated random data, pairing fabricated phone numbers with pre-programmed names, call times, and durations. The deception extended to WhatsApp call logs, a claim no legitimate app could fulfill without violating privacy laws or platform terms.

From Instagram — related to Google Play, Lukáš Štefanko

The scam’s sophistication lay in its simplicity. Unlike many malicious apps that demand intrusive permissions, CallPhantom apps required none. They sidestepped Google Play’s official billing system in some cases, complicating refunds for victims. ESET researcher Lukáš Štefanko, who led the discovery, noted in a statement that the apps’ code embedded the fake data directly, confirming their fraudulent intent. “In November 2025, we came across a Reddit post discussing an app named Call History of Any Number, found on Google Play,” Štefanko said. “Our analysis showed the ‘call history’ was entirely fabricated, with fixed names and durations hardcoded into the application.”

Fake Signal and Telegram apps – Week in security with Tony Anscombe

Google’s removal of the apps followed ESET’s report to the App Defense Alliance, a consortium of cybersecurity firms collaborating to combat app-based threats. While the platform’s automated systems had previously flagged some of the apps, human review confirmed their malicious nature only after ESET’s detailed analysis. A Google spokesperson did not provide comment on whether the company had identified additional apps using similar tactics.

The scam’s focus on India reflects broader trends in digital fraud targeting emerging markets, where mobile payment systems like UPI have grown rapidly but remain vulnerable to exploitation. ESET’s findings align with a growing body of research highlighting how scammers leverage cultural trust in official-looking interfaces—such as the +91 country code default—to bypass skepticism. The firm’s global research network, spanning 11 development centers, identified the apps through behavioral analysis of user complaints and code audits.

Victims of the scam faced not only financial loss but potential long-term damage to their digital security. Many apps, though removed, may have already spread through unofficial channels or been repackaged under new names. ESET advises users to review app permissions, avoid installations from unverified sources, and report suspicious activity to platform providers. The firm’s disclosure serves as a reminder that even in an era of advanced threat detection, social engineering remains one of the most persistent risks in digital ecosystems.

As of May 7, 2026, no further apps matching the CallPhantom pattern have been publicly identified, though ESET continues monitoring for similar schemes. The case underscores the need for collaborative vigilance between cybersecurity researchers, platform operators, and users to mitigate evolving fraud tactics.

, , , , , , , , , , , , , , , , , , , , , , , ,