Cybersecurity Experts Warn of SpyLend’s Growing Threat as Malicious Loan Apps Target Victims (Update: Google Statement)

SpyLend, an Android malware app in the "SpyLoan" category, was downloaded over 100,000 times from Google Play. It was disguised as a financial tool and then turned into a predatory loan platform for users in India. While posing as a financial service, it steals user data for use in predatory lending.

The apps lure people with promises of simple, fast loans that need little documentation and offer lucrative terms. Once installed, they request extensive permissions that allow them to steal personal information such as call logs, images, location, messages, and contact lists.

The harvested data is used to harass and blackmail people, especially if they fail to meet the platform’s repayment terms. CYFIRMA, a leading cybersecurity company, reported how quickly the malware grew in popularity.

The company said most of the targeted users were based in India, where the malware stole information from devices so it could be used for predatory lending. Experts also found malicious APKs in similar malware campaigns such as PokketMe and StashFur.

According to a Google spokesperson, "The app has been removed from Google Play. Android users are automatically protected against known versions of this malware by Google Play Protect, which is on by default on Android devices with Google Play Services. Google Play Protect can warn users or block apps known to exhibit malicious behavior, even when those apps come from sources outside of Play."

Researchers argue that although Google has removed the apps from the Play Store, they may still operate on infected devices and keep collecting sensitive data from them. Multiple user reviews of apps such as Finance Simplified on Google Play described how the app offers loans and then extorts borrowers if they do not pay high rates of interest.

Low loan amounts and blackmail are what you get in return for using this platform, read one shocking review from an upset user online. All of these apps claim to be registered as NBFCs, but that is not true, CYFIRMA shared.

To avoid detection, the apps redirect users to another website, where they install loan app APKs hosted on Amazon’s EC2 servers. According to the researchers, the platform only installs its deceptive interface for users located in India, which shows its use of region-specific targeting.

A lot of data is stolen, including highly sensitive personal data stored on users’ phones. While most of it is used to extort victims who made the mistake of applying for such loans, it could also give rise to financial fraud. In other cases, the data is resold on the dark web so that cybercriminals can benefit.

