Date: 2023-12-05

Security experts are having a hard time detecting all the malware that ends up sneaking into Google Play and infecting users’ Android devices. Hackers are increasingly looking for ways to introduce this malware and make it difficult to detect. The tally, as revealed by the cybersecurity firm ESET, could not be more negative.

Millions of malware downloads

ESET is working hard to detect threats on Android because it is part of its responsibility. In addition to having its own antivirus and security business, the company is part of the App Defense Alliance, an organization whose mission is to keep Android clean and free of infections. During their watch they have detected 18 apps infected with SpyLoan, 17 of which were removed, while the last one was cleaned up to the point of being free of danger.

Along with ESET, other important brands in the security sector such as Kaspersky and Lookout have also participated in the discovery of SpyLoan. Their work not only covers what happens on Android; they do the same on iOS, since they are aware that hackers have the ability to sneak into any operating platform. The term SpyLoan may not sound familiar to you but, unfortunately, it is gradually gaining more and more impact. These are apps that are presented as financial tools, usually to obtain quick loans, and whose objective is to infect and control users’ mobile phones.

Hackers are becoming more and more skillful

One of the problems the team investigating SpyLoan has encountered is that hackers are finding ways to better camouflage their infected applications. What they do, first, is make sure that their apps comply with all Google Play standards to the letter. After that, they are very careful with the permissions that the app initially requests from users. In this way they avoid setting off any alarms.

The problem is that these tools hide different infection methods. What some do is link, from different parts of the app, to fraudulent web pages that look real. The linked sites are so convincing that they have absolutely everything you would expect from a real page, such as an “About” section with photos of all the team members. Of course, it is fake.

The vast majority of the apps categorized as SpyLoan, such as OKrédito – Credit Loans, are advertised as tools that help users obtain financial loans. They present conditions that are apparently very advantageous and, from the moment users download and install the apps, start different extortion and infection processes. Security specialists say that, for example, the applications try to gain additional permissions on the user’s mobile phone. This is how they try to gain access to photos, the camera and other resources in ways that bypass Android’s terms of use, but that they can obtain if the user gives their authorization.

From the moment the user begins to ignore the messages the hackers send through the application, a much more aggressive plan begins. The hackers send threats and tell you that if you don’t comply with what they are asking, they will expose you to the world by publishing files that they have taken from your device. These messages contained threats that progressively escalated, as can be seen in the screenshot that ESET has shared.

It is crucial to stay away from SpyLoan apps no matter how attractive the loan conditions seem. There are users who mention that they have even received some amount of money in their account from the loan, but then they have encountered extortion and indiscriminate assault on their data and phone. This type of malware is most active in Mexico, Colombia, Peru, the Philippines and India, among other countries. Experts say that, beyond everything described above, hackers also have the ability to access call logs, calendars, WiFi connection data and user account access information.