CallPhantom Android scam reached 7.3 million downloads on Google Play
CallPhantom Android scam reached 7.3 million downloads on Google Play
https://www.helpnetsecurity.com/2026/05/07/callphantom-android-scam-google-play/
Publish Date: 2026-05-07 05:00:00
Source Domain: www.helpnetsecurity.com
Scams targeting Android users in India and across the Asia-Pacific region have grown around a long-standing curiosity gap: the desire to look up call records tied to a phone number. A cluster of 28 fraudulent apps on Google Play exploited that gap and pulled in more than 7.3 million downloads before the store removed them.
ESET researchers, who tracked the campaign and named it CallPhantom, reported the apps to Google on December 16, 2025, and all of them have since been taken down.
Fabricated data sold as real records
The apps advertised access to call histories, SMS records, and WhatsApp call logs for any phone number supplied by the user. Once a victim paid, the apps delivered randomly generated data drawn from hardcoded lists of names, country codes, timestamps, and call durations. None of the apps contained any code capable of retrieving real communications data, and they did not request the sensitive permissions such functionality would require.
ESET first identified the activity in November 2025 after a Reddit post flagged an app called Call History of Any Number, published under the developer name “Indian gov.in.” The app had no connection to the Indian government. Further analysis surfaced 27 additional apps using the same scheme.
Two operating models
Apps in the first cluster generated partial fake results immediately, then asked for payment to reveal the rest. The second cluster collected an email address and promised to deliver the call history after subscription. In one case, the app pushed users who closed it without paying through fake email-style notifications claiming the report was ready. Tapping the alert opened a subscription screen.
Many of the apps preselected the +91 country code and supported UPI, the payment system used widely in India. Negative reviews on the Play Store described the same pattern of users paying and receiving randomized data with no recourse.
Various payment options used by CallPhantom apps (Source:…
Source
![Gemini overlay rolls out Dynamic Color, integrates ‘Screen content’ [U]](https://i0.wp.com/9to5google.com/wp-content/uploads/sites/4/2026/05/gemini-overlay-3.jpg?resize=1200%2C628&quality=82&strip=all&ssl=1 "Gemini overlay rolls out Dynamic Color, integrates ‘Screen content’ [U]")