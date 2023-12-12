Fraudulent Android Apps: SpyLoan’s Exponential Growth. Downloaded up to 12 million downloads

The researchers of Eseta global European leader in the cybersecurity market, observed in 2023 a growth alarming of fraudulent android loan appswhich present themselves as legitimate personal loan services, promising quick and easy access to funds.

Despite the attractive appearance, these services they are actually designed to defraud usersoffering them high interest rate loans accompanied by misleading descriptions, all while collecting victims’ personal and financial information to blackmail them.

Eset systems then recognize these applications with the detection name ‘SpyLoan‘, which directly refers to their spyware functionality combined with loan requests. SpyLoan apps are spread through social media and SMS messages and are available for download from scam websites, third-party app stores and even Google Play.

Eset is a member of the App Defense Alliance (ADA) and an active partner in the Malware mitigation program, which aims to quickly identify potentially harmful applications and block them before they land on Google Play.

As a member of the Ada, Eset identified 18 SpyLoan applications and reported them to Google, which subsequently removed 17 of them from its platform. These apps had a total of over 12 million downloads from Google Play before their removal. The last app listed has changed its behavior; Eset no longer detects it as a SpyLoan app.

Each instance of a particular SpyLoan app, regardless of origin, behaves identically thanks to a common code base. It doesn’t matter if the download comes from a suspicious website, a third-party app store, or even Google Play: users will experience the same features and run the same risks, regardless of where the app comes from.

According to Eset telemetry, the creators of these apps, who blackmail and harass their victims, even with death threats, operate mainly in Mexico, Indonesia, Thailand, Vietnam, India, Pakistan, Colombia, Peru, Philippines, Egypt, KenyaNigeria and Singapore. Eset researchers believe that any detections outside of these countries are linked to smartphones that, for various reasons, have access to a phone number registered in one of these countries. At the moment there are no active campaigns aimed at European countries, the United States or Canada.

Victims of these apps report that the total annual cost (Cta) of these loans is much higher than agreed and the duration of the loan is much shorter than agreed. In some cases, borrowers were pressured to repay their loans in five days, instead of the expected 91 days, and the CTA of a loan was between 160% and 340%.

“These fraudulent apps exploit the trust users place in legitimate loan providers, using sophisticated techniques to deceive people and steal a wide range of personal information,” he explains. Lukáš Štefanko, researcher Eset who discovered many of the SpyLoan applications.

“It is crucial that individuals exercise caution, validate the authenticity of any financial app or service, and rely on trusted sources. By remaining informed and vigilant, users can better protect themselves from the risk of falling victim to these deceptive schemes,” adds the researcher Exet.

Once the user installs a app SpyLoan, they are asked to accept the terms of service and grant broad permissions to access sensitive data stored on the device. According to the privacy policies of these apps, if these permissions are not granted, the loan is not disbursed. To complete the loan application process, users are also forced to provide numerous personal information.

To protect their activities, criminals encrypt all stolen data before transmitting it to the server. While legitimate financial institutions are required to collect personal information about their customers, identity verification and risk assessment can be done using much less invasive data collection methods.

ESET believes that the true purpose of the permissions requested by SpyLoan apps is to spy on users and blackmail both them and their contacts.

After installing the app and collecting personal data, those responsible for the application begin to pressure victims into making payments, even if, according to reviews, the user has not applied for a loan or has requested but was not approved. These practices have been described in reviews of these apps on Facebook and Google Play.

“There are several reasons behind the rapid growth of SpyLoan apps. One of them is that the developers of these apps are inspired by successful financial technology services, which leverage technology to provide simplified and easy-to-use financial services,” explains Štefanko.

