Over 200 Fake Android Apps Are Quietly Stealing Money From Phone Bills

https://www.bgr.com/2180707/fake-android-apps-are-stealing-money-from-phone-bill/

Publish Date: 2026-05-25 15:28:00

Source Domain: www.bgr.com


A new malware scam is silently executing billing fraud, targeting users based on their phone carriers and locations. Uncovered by cybersecurity group Zimperium, the campaign used nearly 250 Android applications to impersonate popular games and social media sites, including TikTok, Minecraft, Grand Theft Auto, Instagram Threads, and Facebook Messenger. Once downloaded, they charged unsuspecting users premium fees, enlisting them in automated subscription engines.

The scheme utilized advanced techniques like JavaScript injection, one-time password interception, and WebView automation to evade notice, automate subscriptions, track scams, and exfiltrate data. Deployed in Malaysia, Romania, Thailand, and Croatia, the malware read victims’ SIM cards and activated only for specific carriers. Zimperium first detected the scam in March 2025, tracking it until at least January 2026. Concerned users can consult Zimperium’s GitHub repository for indicators of compromise. It remains unclear how infected apps found their victims.

However, Google is adamant that none of the 250 apps are available on its app store, according to Dark Reading. A Google spokesperson went on to say, “Android users are automatically protected against known versions of this malware by Google Play Protect, which is on by default on Android devices with Google Play Services.” Despite these claims, experts argue that the attack is indicative of wide-reaching marketplace security challenges….
