28 fake apps on Google Play tricked 7.3 million Indian users into paying for fake call logs - charging up to $80 a year for fabricated data
ESET disclosed CallPhantom, a campaign of 28 fraudulent Android apps on Google Play that promised to reveal call histories, SMS records, and WhatsApp call logs for any phone number. Combined downloads: 7.3 million. After payment (weekly, monthly, or annual subscriptions up to $80), users receive fabricated phone numbers and names hardcoded into the apps. Targeting was India-focused (apps came pre-set with +91 country code and UPI integration via Google Pay, PhonePe, and Paytm) plus broader Asia-Pacific. Some apps embedded direct credit card forms, violating Play policy and making refunds harder. Google removed the 28 apps after ESET's report.
- Check: If your organization issues Android devices to staff in India or APAC, check Google Play purchase histories for active subscriptions to call-history apps. Review corporate phone bills for unexpected UPI charges since November 2025.
- Affected: Android users in India and broader Asia-Pacific, particularly those who searched Play Store for tools to retrieve call logs, SMS records, or WhatsApp histories. Indian users are the primary target due to UPI integration - 7.3M+ confirmed downloads. Corporate-issued Android devices used for personal app downloads face the same risk.
- Fix: Cancel any active CallPhantom subscriptions through Play Store - Google has removed the apps. Request refunds via Play Store (subject to Google's time windows). For UPI-paid subscriptions, contact your UPI provider directly. Brief staff that no legitimate consumer app can reveal call logs of arbitrary phone numbers. For corporate fleets: apply MDM policies that block sideloading.