- Researchers found 15 predatory lending apps on the Play Store
- These apps promise cheap and fast loans, then extort money and harass their victims
- The apps have now been removed
Another set of malicious Android applications from the SpyLoan malware family were discovered and subsequently removed from the Google Play Store.
Unfortunately, by the time the fifteen apps were identified and removed, they had already amassed millions of installs around the world.
SpyLoan apps are also called “predatory loan apps.” They trick victims into losing money in a slightly different way. Once installed, they will still request permission to access things like contact lists, SMS, camera, call logs and device location.
Focused on South America and Asia
The apps are advertised as personal finance software and promise users fast and flexible loans with low rates and minimum requirements.
These rates and requirements are fraudulent, and if the user accepts the service, they will end up paying high interest rates. If they appeal, they are harassed, blackmailed and even their relatives are implicated.
McAfee researchers discovered that the fifteen apps together had eight million downloads. The top four had one million installs each. The full list of malicious apps can be found on McAfee’s blog here.
The apps were mainly aimed at people in South America, Southeast Asia and Africa. The four largest apps, with a combined four million downloads, are designed for users in Mexico, Colombia and Senegal. Once the user installs the app, it sends a one-time passcode that is used to identify the victim’s location and thus decide whether to proceed or not.
The scariest thing about this campaign is that the apps were found in Google’s official repository, the Play Store. Google is usually quite strict when it comes to mobile apps and quickly removes any violators. As such, it has built a reputation as a trusted repository. These SpyLoan apps are another proof that consumers should not blindly trust anyone, not even Google, and always verify.
To make sure an app is legit, check its rating, number of downloads, and reviews. Also make sure that the reviews are not randomly generated by bots. Finally, read some of the lowest-rated reviews to see what other users were most dissatisfied with.
Via BleepingComputer