Cybersecurity researchers have discovered fraudulent apps on the official Google Play Store for Android that falsely claimed to offer access to call histories for any phone number, only to trick users into joining a subscription that provided fake data and incurred financial loss. The 28 apps have collectively racked up more than 7.3 million downloads, with one of them alone accounting for over 3 million downloads, before they were taken down from the official app storefront.The activity, codenamed CallPhantom by Slovakian cybersecurity company ESET, primarily targeted Android users in India and the broader Asia-Pacific region. "The offending apps, which we named CallPhantom based on their false claims, purport to provide access to call histories, SMS records, and even WhatsApp call logs for any phone number," ESET security researcher Lukáš Štefanko said in a report shared with The Hacker News. "To unlock this supposed feature, users are asked to pay -- but all they get in return is randomly generated data." At least one of the flagged apps was published under the developer name "Indian gov.in" in an attempt to build a false sense of trust and unsuspecting trick users into downloading it. However, this trick masks a nefarious motive where victims are asked to make a payment in order to view details of a phone number's call and SMS history. Once the payment is made, users are served entirely fabricated phone numbers and names directly embedded into the source code. Evidence indicates that the activity may have been active since at least November 2025. A second cluster of these apps has been found to prompt users to enter their email address to which the purported details of any phone number would be delivered to. As in the prior case, no data is generated until a payment is made. The payments either rely on subscriptions via Google Play Store's official billing system or via third-party apps that support Unified Payments Interface (UPI), an instant payment syst