
Fake call logs, real payments: How CallPhantom tricks Android users

ID: ae67a787-493a-5d0e-a5af-cb7422a62642

STIX ID: report--ae67a787-493a-5d0e-a5af-cb7422a62642

Feed Name: WeLiveSecurity (ESET Research)

Threat Score: 55/100

Date Published: 2026-05-07

Date Updated: 2026-05-08


ESET Research uncovered CallPhantom, a cluster of 28 fraudulent Android apps on Google Play that generated and sold fake call, SMS, and WhatsApp logs to users. Collectively, the apps were downloaded more than 7.3M times. They collected payments through a mix of Google Play billing, third-party UPI links, and in-app card entry, which complicated refunds. Rather than accessing real communications, they relied on hardcoded or generated fake data, and they used Firebase-hosted endpoints for dynamic behavior and C2. All identified apps were reported and removed. The report includes IoCs (file hashes, package names, Firebase domains/IPs) and remediation advice.
