Security company ESET points out that the unscrupulous loan application 'SpyLoan' that steals personal information has been downloaded more than 12 million times on Google Play

Security company ESET has pointed out the existence of a malicious loan app, "SpyLoan," that has been downloaded more than 12 million times on Google Play, Android's official app store, in 2023. According to ESET, SpyLoan is distributed not only on Google Play but also on third-party app stores and websites, so the actual number of downloads is likely to be higher.

Beware of predatory fin(tech): Loan sharks use Android apps to reach new depths

SpyLoan Android malware on Google Play downloaded 12 million times

SpyLoan steals personal information from the Android device it is installed on, including all account lists, device information, call logs, installed apps, calendar events, local Wi-Fi network details, image metadata, and more. According to security researchers at ESET, the risk of data leakage extends to contacts, location information, and text messages.

SpyLoan is a loan app masquerading as a legitimate financial service for personal loans that promises 'fast and easy access to funds.' However, in reality, it seems that users are tricked into accepting high-interest payments, and then the threat actor blackmails the victims and forces them to pay.

ESET, a member of the App Defense Alliance, which aims to eradicate malware from Google Play, reports that it has discovered more than 18 SpyLoan apps since the beginning of 2023. In response to ESET's report, Google has so far removed 17 of them, but one appears to have been re-released with different permissions and a different feature set and is no longer detected as SpyLoan.

Below is one of the SpyLoans that was available on the App Store and Google Play in 2020. It has been downloaded more than 5 million times on Google Play, and the app has a very high rating of 4.7 stars.

SpyLoan was first confirmed in 2020, but it is said not to have become widespread until around 2022. According to ESET, SpyLoan appears to be distributed on fraudulent websites, third-party app stores, and Google Play. According to ESET data, the number of SpyLoan detections has been increasing throughout 2023.

The map below shows SpyLoan's target countries in color, with SpyLoan being particularly active in Mexico, India, Thailand, Indonesia, Nigeria, Philippines, Egypt, Vietnam, Singapore, Kenya, Colombia, and Peru. On the other hand, at the time of writing, no activity has been confirmed in countries and regions such as Europe, the United States, Canada, and Japan.

SpyLoan pretends to comply with Google's privacy policy in order to be distributed on Google Play. In many cases, SpyLoan creates websites that imitate legitimate company sites and forges photos of employees and offices to create a false sense of credibility.

A token website prepared by one of the SpyLoan apps

SpyLoan unilaterally shortens the term of personal loans and threatens users with ridicule and exposure if they do not comply. ESET points out that this is a clear violation of Google's financial services policies. Additionally, SpyLoan's privacy policy is deceptive and 'presents seemingly legitimate reasons' to obtain dangerous permissions.

For example, ESET points out that the app asks for permission to access the camera on the grounds that a photo must be uploaded to confirm customer information, or asks for permission to access the calendar on the grounds of reminding the user of a payment date, which is very annoying.

Additionally, SpyLoan may request permissions that are completely unnecessary, such as access to call logs and contacts. These privileges are said to be used for blackmailing users when they reject unfair payment requests. The screenshot below shows a blackmail message received by a user who was actually using SpyLoan.

Regarding SpyLoan, ESET says, "While the SpyLoan app technically meets Google's privacy policy requirements, what it actually does is clarify the extent of data collection necessary to provide financial services and comply with KYC banking standards." "We believe that the true purpose of these apps is to spy on app users and to harass and intimidate them and their contacts."

Technology media Bleeping Computer summarizes that the best way to protect yourself from the SpyLoan threat is to only trust appropriate financial institutions, check the type of permissions required when installing new apps, and check user reviews in detail when installing an app from Google Play, which is full of fraudulent apps.
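The permission check recommended above can be automated when vetting a loan app. The following is an added example, not code from ESET or from the original article: it reads an already decoded `AndroidManifest.xml` (for instance as produced by apktool) and reports which of the data categories named in the article the app requests. The permission-to-category mapping, the review threshold, and the sample manifest are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Real Android permission names mapped to the data categories the article
# lists. The mapping itself is this example's assumption, not ESET's.
SENSITIVE = {
    "android.permission.READ_CALL_LOG": "call logs",
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.GET_ACCOUNTS": "account lists",
    "android.permission.READ_CALENDAR": "calendar events",
    "android.permission.READ_SMS": "text messages",
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.ACCESS_COARSE_LOCATION": "location",
    "android.permission.ACCESS_WIFI_STATE": "Wi-Fi network details",
    "android.permission.QUERY_ALL_PACKAGES": "installed apps",
    "android.permission.CAMERA": "camera",
}
REVIEW_THRESHOLD = 4  # hypothetical cut-off for "look at this app by hand"


def audit_manifest(manifest_xml):
    """Return the sensitive data categories a decoded manifest requests."""
    root = ET.fromstring(manifest_xml)
    requested = set()
    # Permissions can be declared with either element name.
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                requested.add(name)
    categories = sorted({SENSITIVE[p] for p in requested if p in SENSITIVE})
    return {
        "package": root.get("package"),
        "categories": categories,
        "needs_review": len(categories) >= REVIEW_THRESHOLD,
    }


# Constructed sample manifest for a fictional loan app (not a real package).
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fastloan">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_CALENDAR"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
</manifest>"""

if __name__ == "__main__":
    print(audit_manifest(SAMPLE_MANIFEST))
```

A flagged result is a prompt for manual review, not a verdict: legitimate apps also request some of these permissions, and the article notes that one re-released app changed its permissions and was no longer detected.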

in Mobile,   Software,   Security, Posted by logu_ii