Cybersecurity researchers at ESET have discovered that malicious loan apps steal victims’ sensitive data and threaten them with ridicule if they do not comply with unreasonable conditions.
Researchers have named a collection of more than a dozen apps “SpyLoan” that are touted as financial services tools for personal loans that provide “quick and easy access to funds.”
The team warned that the Play Store already has more than 12 million combined downloads, but the app is also distributed via social media, third-party stores, and various websites, and the number of downloads is even higher. We warn that there may be more. .
fool google
After a user signs up, the first red flag is permissions. The app requests many permissions that are objectively unnecessary, such as access to the camera, call logs, and contact list. If the user still signs up for a loan, the app will soon shorten that period to just a few days and threaten the victim with ridicule if they don’t comply. Assuming the app has access to your contact list, it will start notifying people in that list about the loan.
Additionally, the app collects a lot of sensitive data from the compromised endpoint, including a list of all accounts, device information, call logs, installed apps, calendar events, local Wi-Fi network details, and image metadata. etc.) silently. ESET says the app can also retrieve location data and text messages.
Researchers claim that while the SpyLoan app is nothing new, its pace has accelerated in 2023. The majority of victims live in Mexico, India, Thailand, Indonesia, Nigeria, Philippines, Egypt, Vietnam, Singapore, Kenya, and Colombia. ,Peru.
ESET also said the apps bypassed Google’s protections by being submitted with “compliant privacy policies, mandatory KYC standards, and transparent permission requests.” However, there are also links to websites that clearly disguise themselves as real companies.
Of the 18 apps discovered, Google removed 17 from its app repository. The last one is now available in a new permission set and allowed to remain as is.