A recent research study by ESET, a leading IT security software and services company, revealed a significant increase in the proliferation of deceptive SpyLoan applications. These apps are mainly used on the Android platform to deceive consumers in his APAC region, offering them attractive quick loans and at the same time stealing victims’ personal and financial data for blackmail purposes. are collecting.
The study showed a visible proliferation of such apps across unofficial third-party app stores, Google Play, and certain websites since early 2023. These apps promote themselves as legitimate personal loan services and promise quick and easy access to funds. However, behind the scenes, they systematically collect users’ personal and financial information and offer high-interest loans embellished with misleading statements.
During the course of our investigation, ESET identified 18 such malicious apps and reported them to Google. In response, Google removed 17 of these apps from its platform. Before being removed, these apps had been downloaded more than 12 million times from Google Play. ESET found that the app was most actively installed in Southeast Asian regions, including Indonesia, Thailand, Vietnam, Singapore, and the Philippines. ESET actively participates in the App Defense Alliance and malware mitigation programs, aiming to identify and stop potentially harmful applications before they reach Google Play.
“These duplicitous applications take advantage of the trust that users have in legitimate loan providers and use sophisticated techniques to deceive people and “They steal a wide range of personal information.” He advised individuals to check the authenticity of financial apps and services, exercise caution and rely on trusted sources to avoid falling prey to such deceptive schemes.
ESET also states that the data commonly sent to command and control (C&C) servers includes a list of your accounts, call logs, device information, a list of installed apps, local Wi-Fi network information, I discovered that it included calendar events and even files on my device. . Additionally, contact lists, location data, and SMS messages are also at risk. All of this stolen data is encrypted before transmission, providing an added layer of protection against criminal activity. According to ESET Research, the real purpose behind gaining such broad permissions is to spy on and harass users and their contacts.
ESET ties the origins of the SpyLoan scheme to 2020. When a user installs his SpyLoan app, he is asked to agree to the terms of service and grant extensive permissions. If these permissions are not granted, the loan will not be disbursed. Additionally, users are required to provide extensive personal information in order to complete the loan process. Once the app is installed and the data is obtained, bailiffs force victims to pay even if they did not apply for a loan or their loan application was not approved.
Explaining the boom in SpyLoan apps, tefanko noted that developers of these apps draw inspiration from successful financial technology services that use technology to provide streamlined and user-friendly financial services. did.