ESET Research uncovers CallPhantom scam on Google Play
A new Android scam, CallPhantom, falsely claims to provide access to call logs, SMS records, and WhatsApp call history for any phone number in exchange for payment.
ESET identified and reported 28 separate CallPhantom apps on Google Play, cumulatively downloaded more than 7.3 million times.
Some CallPhantom apps sidestep Google Play’s official billing system, complicating victims’ refund efforts.
ESET researchers have uncovered fraudulent apps on Google Play that claim to provide the call history “for any number.” The offending apps, which ESET named CallPhantom based on their false claims, purport to provide access to call histories, SMS records, and even WhatsApp call logs for any phone number. To unlock this supposed feature, users are asked to pay — but all they get in return is randomly generated data. ESET’s investigation identified 28 such fraudulent apps, cumulatively downloaded more than 7.3 million times. As an App Defense Alliance partner, ESET reported its findings to Google, which removed all of the apps identified in this report from Google Play.
The CallPhantom apps mainly targeted Android users in India and the broader Asia Pacific region. Many of the apps came with India’s +91 country code preselected, and support UPI, a payment system used primarily in India.
In general, CallPhantom apps have a simple user interface and do not request any intrusive or sensitive permissions — they don’t need to, because they contain no functionality capable of retrieving actual call, SMS, or WhatsApp data.
In the CallPhantom apps ESET analyzed, researchers saw three different payment methods used, two of which are in violation of Google Play’s payments policy. Some of the apps relied on subscriptions via Google Play’s official billing system. Others relied on payments via a third party; in some cases, payment card checkout forms were included directly in the CallPhantom apps.
The fees requested for the fake service differ widely across the apps. The apps also appear to offer different subscription packages, such as weekly, monthly, or yearly services, with the highest requested price sitting at US$80. For the lowest “subscription tier,” the average requested price was €5.
In general, subscriptions purchased through the official Google Play billing system can be canceled. For the 28 apps described in this blog post, existing subscriptions were canceled when the apps were removed from Google Play. In some cases, refunds for Google Play purchases are possible.
If the purchase was made outside of Google Play — for example, by entering payment card details inside the app or by paying via third-party services — then Google cannot cancel the subscription or issue a refund, and users have to contact their payment provider.
For more details about CallPhantom, check out the latest ESET Research blog post, “Fake call logs, real payments: How CallPhantom tricks Android users,” on WeLiveSecurity.com.
May 21, 2026 at 1:27 pm
“ESET’s discovery of 28 CallPhantom apps accumulating over 7.3 million downloads is a sobering reminder that the app store model — while improved — still has meaningful gaps when it comes to pre-publication vetting of fraudulent functionality. The fact that these apps required no sensitive permissions is actually what makes them so instructive: the threat wasn’t technical exploitation, it was pure deception dressed up in a legitimate-looking package.
What’s particularly concerning from a security and compliance standpoint is that several of these apps deliberately bypassed Google Play’s official billing system. That’s not an accident — it’s a calculated move to eliminate the consumer protection layer that would otherwise enable refunds and subscription cancellations, effectively trapping victims with no recourse through normal channels.
For organizations thinking about mobile security policy, CallPhantom should be a case study in why app governance needs to extend beyond permission-based risk models. The next generation of scams won’t ask for your camera or contacts — they’ll just ask for your credit card, and they’ll do it inside an app that looks completely benign. Security controls and employee awareness programs need to evolve to catch that.”
— Justin Beals, CEO & Founder, Strike Graph