Fraudulent Android apps promised fake call logs, SMS records, and WhatsApp histories in exchange for paid subscriptions
ESET researchers have uncovered a large-scale Android scam campaign operating through Google Play, where fraudulent applications falsely claimed to provide users with access to call logs, SMS records, and even WhatsApp call histories for any phone number.
The campaign, dubbed “CallPhantom” by ESET researchers, involved 28 separate Android applications that collectively achieved more than 7.3 million downloads before being removed from Google Play.
According to Lukáš Štefanko, the apps generated entirely fake results instead of providing genuine call data.
“In November 2025, we came across a Reddit post discussing an app named Call History of Any Number on Google Play,” Štefanko said. “Our analysis showed that the data provided by the app was completely fabricated.”
The apps primarily targeted users in India and across the Asia-Pacific region, with many featuring India’s +91 country code by default and supporting UPI-based payments.
“The ‘call history’ data provided by these apps is entirely fabricated, with random phone numbers and fake records embedded directly in the code,” said Lukáš Štefanko, Researcher at ESET.
ESET found that the applications required payments to unlock supposed premium services, despite lacking any technical capability to retrieve actual call records, SMS logs, or WhatsApp data. Instead, the apps generated random phone numbers, names, call durations, and timestamps directly from embedded code.
Researchers also identified multiple payment mechanisms used by the scam applications, including methods that violated Google Play’s billing policies. While some apps relied on Google Play subscriptions, others processed payments through third-party systems or embedded payment card forms directly within the applications, making refunds more difficult for victims.
Subscription pricing varied widely, ranging from approximately €5 for lower-tier plans to as much as US$80 for premium packages.
As part of the App Defense Alliance, ESET reported the applications to Google Play, leading to the removal of all identified apps from the platform.
ESET warned that users who subscribed through Google Play may still be able to cancel subscriptions or request refunds, while those who made payments through external channels would need to contact their payment providers directly.
The company advised Android users to remain cautious of applications promising unauthorized access to private communications or personal data, as such claims are typically fraudulent and may expose users to financial or privacy risks.
