- A new Android scam, CallPhantom, falsely claims to provide access to call logs, SMS records, and WhatsApp call history for any phone number in exchange for payment.
- We identified and reported 28 separate CallPhantom apps on Google Play, cumulatively downloaded more than 7.3 million times.
- Some CallPhantom apps sidestep Google Play’s official billing system, complicating victims’ refund efforts.
BRATISLAVA, KOŠICE — May 7, 2026 — ESET researchers have uncovered fraudulent apps on Google Play that claim to provide the call history “for any number.” The offending apps, which ESET named CallPhantom based on their false claims, purport to provide access to call histories, SMS records, and even WhatsApp call logs for any phone number. To unlock this supposed feature, users are asked to pay — but all they get in return is randomly generated data. ESET’s investigation identified 28 such fraudulent apps, cumulatively downloaded more than 7.3 million times. As an App Defense Alliance partner, we reported our findings to Google, which removed all of the apps identified in this report from Google Play.
The CallPhantom apps mainly targeted Android users in India and the broader Asia Pacific region. Many of the apps came with India’s +91 country code preselected, and support UPI, a payment system used primarily in India.
“In November 2025, we came across a Reddit post discussing an app named Call History of Any Number, found on Google Play. Unsurprisingly, our analysis showed that the ‘call history’ data provided by this app is entirely fabricated — the app generates random phone numbers and matches them with fixed names, call times, and call durations, which were embedded directly in the code,” says ESET researcher Lukáš Štefanko, who uncovered the CallPhantom fraud.
In general, CallPhantom apps have a simple user interface and do not request any intrusive or sensitive permissions — they don’t need to. Coincidentally, they do not contain any functionality capable of retrieving actual call, SMS, or WhatsApp data.
In the CallPhantom apps ESET analyzed, researchers saw three different payment methods used, two of which are in violation of Google Play’s payments policy. Some of the apps relied on subscriptions via Google Play’s official billing system. Others relied on payments via a third party; in some cases, payment card checkout forms were included directly in the CallPhantom apps.
The fees requested for the fake service differ widely across the apps. The apps also appear to offer different subscription packages, such as weekly, monthly, or yearly services, with the highest requested price sitting at US$80. For the lowest “subscription tier,” the average requested price was €5.
In general, subscriptions purchased through the official Google Play billing system can be canceled. For the 28 apps described in this blog post, existing subscriptions were canceled when the apps were removed from Google Play. In some cases, refunds for Google Play purchases are possible.
If the purchase was made outside of Google Play — for example, by entering payment card details inside the app or by paying via third-party services — then Google cannot cancel the subscription or issue a refund, and users have to contact their payment provider.
For a more details about CallPhantom, check out the latest ESET Research blog post, “Fake call logs, real payments: How CallPhantom tricks Android users,” on WeLiveSecurity.com. Make sure to follow ESET Research on Twitter (today known as X), BlueSky, and Mastodon for the latest news from ESET Research.
Examples of CallPhantom apps found on Google Play
About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.
About Version 2 Digital
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.
Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
