SpyLoan Malicious App Downloaded 12M+ Times in Google Play

The fake financial app tricks users into signing up for high-interest payments, only to steal their information and blackmail them.

A variety of malicious loan apps, under the name SpyLoan, have been downloaded more than 12 million times in 2023 from
Google Play
, the official app store for Android.
Thats according to ESET researchers, who said that the apps overall download tally is likely much higher, as the apps are also available on third-party app stores and other websites.
SpyLoan falsely presents itself as a legitimate financial service for personal loans, promising easy access to funds, only to trick its users into signing up for high-interest payments. While doing this, the threat actors also collect the personal and financial information of the victim to blackmail them. Victims of these apps, most of which are vulnerable individuals, have stated that the annual cost of the loans offered on the app are much higher than stated, and the loan tenure is shorter.
According to the ESET researchers
, the loans are marketed through SMS messages and social media. Each SpyLoan app,
no matter where it was downloaded from
, behaves in the same manner due to underlying identical code, meaning that every user will ultimately have the same experience and the same risks.
Operators of these apps and others that harass and blackmail their victims operate from countries, including Mexico, Indonesia, Thailand, Vietnam, India, Pakistan, Colombia, Peru, and the Philippines, according to ESET. The user data that is exfiltrated includes call logs, calendar events, device information, installed apps, local Wi-Fi network SSIDs, and file information. Information such as SMS messages, contacts, and location data are also at risk. According to the researchers, the real purpose of the permissions requested by SpyLoan apps is to spy on their users and harass and blackmail them and their contacts.
For individuals to protect themselves,
ESET stresses that users be cautious
when downloading such apps, especially those with financial purposes, and validate the authenticity of the app prior to using it.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
SpyLoan Malicious App Downloaded 12M+ Times in Google Play