CYBERSECURITY researchers have detected fraudulent Android apps on the official Google Play Store that claim to provide access to call histories for any number, only to push users into a subscription that delivers fake data. The 28 apps have collectively amassed more than 7.3 million downloads, with one title alone accounting for over 3 million, before being removed from the store.
The activity, codenamed CallPhantom by ESET, primarily targeted Android users in India and the wider Asia-Pacific region, with the apps allegedly offering access to call histories, SMS records and even WhatsApp logs for any number. To unlock the supposed feature, users are asked to pay, but the data shown is random and fabricated, and in at least one case an app developer used the name Indian gov[.]in to build trust.
Evidence suggests the scam has been active since at least November 2025, and a second cluster of apps asks users for their email address to receive the claimed details, while payments flow through Google Play billing or third‑party methods such as UPI, Google Pay, PhonePe and Paytm.
Group-IB notes that bad actors have stolen an estimated $2 million from Indonesian users in a related tax‑impersonation campaign, which also leverages phishing, social engineering and vishing to enable broader device compromise and fraud.