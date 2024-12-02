Key Takeaways Over a dozen malicious Android apps on the Google Play Store have been flagged for containing SpyLoan malware that exploits users through predatory loan schemes.

These apps use social engineering to collect sensitive information and permissions, leading to risks like extortion, harassment, and financial loss.

SpyLoan, a recurring threat since 2020, has evolved to exploit users by offering high-interest loans while secretly stealing personal data for coercion and intimidation tactics.

Malicious apps are typically spread through phishing links, shady websites, or third-party app stores. Google does a very good job of keeping these apps at bay, but occasionally, some manage to sneak into the Play Store. Earlier this year, Necro malware infected over 10 million Android phones through two Play Store apps – Benqu's Wuta Camera and Max Browser. Now, security researchers have discovered over a dozen malicious Android apps on the Google Play Store, collectively downloaded more than 8 million times, which contain malware known as SpyLoan.

McAfee's mobile research team has spotted a troubling new trend with SpyLoan apps (via The Hacker News). These shady loan apps use social engineering tricks to target Android users worldwide. So far, 15 of these apps have been found, going after people in South America, Southern Asia, and Africa. They all share similar code and systems, stealing data and sending it to command-and-control (C2) servers. Most of these apps hide behind fake names and logos that look like real financial institutions.

The 15 predatory loan apps are listed below.

Préstamo Seguro-Rápido, seguro

Préstamo Rápido-Credit Easy

ได้บาทง่ายๆ-สินเชื่อด่วน

RupiahKilat-Dana cair

ยืมอย่างมีความสุข – เงินกู้

เงินมีความสุข – สินเชื่อด่วน

KreditKu-Uang Online

Dana Kilat-Pinjaman kecil

Cash Loan-Vay tiền

RapidFinance

PrêtPourVous

Huayna Money – Préstamo Rápido

IPréstamos: Rápido Crédito

ConseguirSol-Dinero Rápido

ÉcoPrêt Prêt En Ligne

Some of these apps have been promoted through posts on social media platforms like Facebook. We tried looking for these apps on the Play Store, but it seems Google has removed most of them.

How do these predatory apps work

SpyLoan malware has been causing trouble for a while now. These apps pretend to be legit financial organizations and offer loans to lure users in. Once you install them, they ask for sensitive information like ID documents and banking details. On top of that, they demand access to your contacts, media, camera, and more.

The main aim of this scam is to collect as much personal information as possible from infected devices. The scammers then use this data to extort users, pressuring them to repay loans with sky-high interest rates or, in some cases, blackmailing them with stolen personal photos. Some victims have even reported that these app operators harassed their family members and sent death threats.