- Researchers found 15 predatory loan apps on the Play Store
- These apps promise cheap and quick loans, and then extort money and harass their victims
- The apps have since been removed
Another 15 Android applications from the SpyLoan malware family were discovered on the Google Play Store and subsequently removed. Unfortunately, by the time they were identified and ousted, they had amassed millions of installations around the world.
SpyLoan apps are also called “predatory loan apps.” They trick the victims into losing money in a somewhat different fashion. Once installed, they will still ask permission to gain access to things like contact lists, SMS, camera, call logs, and the device’s location.
However, the apps are advertised as personal finance software, promising users quick and flexible loans with low rates and minimal requirements.
Targeting South America and Asia
These rates and requirements are fraudulent, and if the user accepts the service, they will end up paying high interest rates. If they appeal, they will be harassed and blackmailed, and will even have their family members dragged into it.
McAfee’s researchers found 15 apps, which cumulatively had eight million downloads. The top four had a million installations each. The full list of malicious apps can be found on McAfee’s blog.
The apps primarily targeted people in South America, Southeast Asia, and Africa. The top four apps, with four million downloads between them, were designed for users in Mexico, Colombia, and Senegal. Once the user installs the app, it will send a one-time passcode which it uses to identify the victim’s location, and thus decide whether to proceed or not.
The scariest part about this campaign is that the apps were found on Google’s official repository, the Play Store. Google is usually quite stringent when it comes to mobile apps, and quick to remove any offenders. As such, it has built a reputation as a trusted repository. These SpyLoan apps are further proof that consumers should not blindly trust anyone, not even Google, and should always verify.
To make sure an app is legitimate, check its rating, the number of downloads, and the reviews. Also, make sure the reviews aren’t randomly generated by bots. Finally, read a few of the lowest-rated reviews to see what other users were most dissatisfied with.
Via BleepingComputer