SpyLoan Malicious App Downloaded 12M+ Times in Google Play

  /     /     /  
Publicated : 23/11/2024   Category : security


SpyLoan Malicious App Downloaded 12M+ Times in Google Play


The fake financial app tricks users into signing up for high-interest payments, only to steal their information and blackmail them.



A variety of malicious loan apps, under the name SpyLoan, have been downloaded more than 12 million times in 2023 from
Google Play
, the official app store for Android.
Thats according to ESET researchers, who said that the apps overall download tally is likely much higher, as the apps are also available on third-party app stores and other websites.
SpyLoan falsely presents itself as a legitimate financial service for personal loans, promising easy access to funds, only to trick its users into signing up for high-interest payments. While doing this, the threat actors also collect the personal and financial information of the victim to blackmail them. Victims of these apps, most of which are vulnerable individuals, have stated that the annual cost of the loans offered on the app are much higher than stated, and the loan tenure is shorter.
According to the ESET researchers
, the loans are marketed through SMS messages and social media. Each SpyLoan app,
no matter where it was downloaded from
, behaves in the same manner due to underlying identical code, meaning that every user will ultimately have the same experience and the same risks.
Operators of these apps and others that harass and blackmail their victims operate from countries, including Mexico, Indonesia, Thailand, Vietnam, India, Pakistan, Colombia, Peru, and the Philippines, according to ESET. The user data that is exfiltrated includes call logs, calendar events, device information, installed apps, local Wi-Fi network SSIDs, and file information. Information such as SMS messages, contacts, and location data are also at risk. According to the researchers, the real purpose of the permissions requested by SpyLoan apps is to spy on their users and harass and blackmail them and their contacts.
For individuals to protect themselves,
ESET stresses that users be cautious
when downloading such apps, especially those with financial purposes, and validate the authenticity of the app prior to using it.

Last News

▸ Senate wants changes to cybercrime law. ◂
Discovered: 23/12/2024
Category: security

▸ Car Sector Speeds Up In Security. ◂
Discovered: 23/12/2024
Category: security

▸ Making use of a homemade Android army ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
SpyLoan Malicious App Downloaded 12M+ Times in Google Play