Android users, do you think apps that you download from the Google Play Store are completely secure and harmless?

Well, around 8 million Android users have been duped by 15 loan apps on the Google Play Store. These malicious apps bait naive Android users across Thailand, Chile, Vietnam, Colombia, Mexico, Peru, and Tanzania under the pretext of easy, quick, and effortless loans. The worst part is that out of these 15 apps, 5 are still live on the Google Play Store, as they have agreed to comply with Google Play policies.

The majority of these 15 apps have been advertised widely on social media platforms such as Facebook. These potentially unwanted programs (PUPs) use different social engineering tactics to coax users into sharing sensitive and personal details. Once threat actors get access to such data, users can face serious risks such as financial loss, extortion, harassment, blackmail, and so on.

 

What is SpyLoan?

SpyLoan is malware that came onto the scene back in 2020. It gradually drew attention because of a set of 18 different loan apps. These apps offer loans at high interest and seek personal information from their users.

The idea was to obtain sensitive details and financial information from users and then use that data to force them into paying extremely high interest rates, or to blackmail them with their personal information. Such apps never offer genuine financial assistance. Rather, these malicious apps are designed to push naive users into a vicious cycle of debt. Privacy invasion is also a major concern.

 

How do these apps operate?

Each PUP application has its unique targets. However, cyber experts have identified a commonality among all the apps: a framework that encrypts and exfiltrates data from the user's device to a C2 (command and control) server. Next, the apps require multiple permissions, which give the threat actors easy access to your contact lists, SMS messages, call logs, etc.

They claim that these details are necessary for user identification as well as for implementing anti-fraud measures. Users are validated and tracked through a one-time password or OTP. Further, users are also required to provide other significant details such as employee information, supplementary identification documents, bank account details, and so on. Scammers eventually exfiltrate all the data to the C2 server.

Cybercriminals exploit psychological factors like urgency, financial desperation, and the appeal of convenience to deceive users. The promise of a quick, hassle-free loan without the usual paperwork or formalities of traditional financial institutions often seems irresistible to many. Unfortunately, this is precisely why countless unsuspecting individuals fall victim to phishing scams. Strengthening phishing protection measures is essential to safeguard users from such fraudulent schemes.

 

Also, the presence of PUPs in the Google Play Store is quite shocking. Apps listed in the Google Play Store are widely trusted and downloaded. No one could have imagined that cybercriminals would pull off this stunt of fetching personal data from under the nose of the Google Play Store!