This dangerous 'CallPhantom' scam spread across 28 Google Play apps downloaded over 7 million times - here's what we know

News
By published

Fake apps were promising access to people's call logs

In this photo illustration a Google Play logo seen displayed on a smartphone.
(Image credit: Photo Illustration by Mateusz Slodkowski/SOPA Images/LightRocket via Getty Images)
  • ESET uncovered 28 fraudulent apps on Google Play, downloaded 7.3M+ times, falsely claiming to reveal call/SMS/WhatsApp histories
  • The apps generated fake data and charged $6–$80 subscriptions, with most victims in India
  • Google removed the apps and refunded Play‑based payments, but third‑party payment victims must seek reimbursement directly

Google has removed more than two dozen Android applications from the Play Store for promising users something it can’t deliver - and charging a solid amount of money for it.

Security researchers ESET found 28 apps on Google’s Android repository which claimed to provide the call history for virtually any number. These apps also claimed they could retrieve people’s SMS records and WhatsApp call logs.

But the “service” does not come for free - users were asked to purchase different subscription packages, ranging from weekly to yearly, and costing anywhere between $6 and $80.

Latest Videos From

CallPhantom

In total, the apps were downloaded more than 7.3 million times, ESET said. The worst part is that they did not, and could not, provide the service they advertised:

“In November 2025, we came across a Reddit post discussing an app named Call History of Any Number, found on Google Play,” ESET explained. “Unsurprisingly, our analysis showed that the ‘call history’ data provided by this app is entirely fabricated — the app generates random phone numbers and matches them with fixed names, call times, and call durations, which were embedded directly in the code,”.

ESET named the campaign CallPhantom.

Most of the victims are in India. Many of the apps came with India’s +91 country code preselected, and they supported UPI, which is a payment system primarily used in that country. ESET said that the majority (53.7%) of all CallPhantom detections worldwide were found in India.

Victims were offered three ways to pay for the service. One is via Google Play’s official billing system, while the other two relied on third parties. Subscriptions made via Google Play can be cancelled (and were cancelled for all apps that were removed from the repository), and victims can be reimbursed.

For the other two methods, users are advised to contact their payment provider for options.

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Google logo on a black background next to text reading 'Click to follow TechRadar'

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.