Malicious Loan Apps in Play Store Decieved 12M Users

Researchers Uncover Malicious Loan Apps With 12 Million Users
Offering money just now in exchange for your confidential information.

Eighteen malicious loan apps on the Google Play Store, posing as legitimate financial services, have scammed users. They offer high-interest-rate loans while harvesting their personal and financial data for malicious purposes, totaling over 12 million downloads.

18 Malicious Loan Apps Defraud Millions of Android Users

Cybersecurity researchers have exposed 18 malicious loan apps on the Google Play Store. These apps collectively amassed over 12 million downloads. Operating under the guise of legitimate financial services, they have duped users into high-interest-rate loans. Meanwhile, apps surreptitiously harvest victim’s personal and financial data for malicious purposes, which we’ll discuss next. Researchers have christened this operation as SpyLoan.

The malicious apps primarily focus on preying upon potential borrowers in Southeast Asia, Africa, and Latin America. Despite their attractive appearance, these apps are far from genuine financial services; instead, they engage in fraudulent activities that exploit unsuspecting users. Although these apps have been removed from the store, the damage has already been done. The primary infection pathways include SMS messages and social media like Twitter, Facebook, or YouTube. The list of now-removed apps includes:

  • AA Kredit: इंस्टेंट लोन ऐप (com.aa.kredit.android)
  • Amor Cash: Préstamos Sin Buró (com.amorcash.credito.prestamo)
  • Oro Préstamo – Efectivo rápido (com.app.lo.go)
  • Cashwow (com.cashwow.cow.eg)
  • CrediBus Préstamos de crédito (com.dinero.profin.prestamo.credito.credit.credibus.loan.efectivo.cash)
  • ยืมด้วยความมั่นใจ – ยืมด่วน (com.flashloan.wsft)
  • PréstamosCrédito – GuayabaCash (com.guayaba.cash.okredito.mx.tala)
  • Préstamos De Crédito-YumiCash (com.loan.cash.credit.tala.prestmo.fast.branch.mextamo)
  • Go Crédito – de confianza (com.mlo.xango)
  • Instantáneo Préstamo (com.mmp.optima)
  • Cartera grande (com.mxolp.postloan)
  • Rápido Crédito (com.okey.prestamo)
  • Finupp Lending (com.shuiyiwenhua.gl)
  • 4S Cash (com.swefjjghs.weejteop)
  • TrueNaira – Online Loan (com.truenaira.cashloan.moneycredit)
  • EasyCash (king.credit.ng)
  • สินเชื่อปลอดภัย – สะดวก (com.sc.safe.credit)

Interestingly, these services exist exclusively as apps and work only on smartphones. You won’t find a web version or an official website. This allows attackers to request permission to obtain users’ confidential information stored on the victim’s smartphones.

Dirty Fraud Methods

In the previous paragraph, I emphasized that attackers operate exclusively through mobile devices instead of classic websites. This is because they would not be able to access as much information through a website as they can through a phone. The operators of SpyLoan not only harvest information from compromised devices but also resort to blackmail and harassment tactics. I.E., victims are pressured into making payments under the threat of releasing their private photos and videos on social media platforms (that reminds me of something). This alarming revelation underscores the darker side of the digital lending landscape.

Permissions request screenshot
The permissions that applications usually request

Users often have reported instances of fraud and coercion. For example, a user from Nigeria, in a message posted on the Google Play Help Community, accused EasyCash of fraudulent lending practices, including exorbitant interest rates and threats of blackmail. Additionally, the apps deploy misleading privacy policies to justify extensive permissions, including access to media files, camera, calendar, contacts, call logs, and SMS messages. This revelation coincides with the resurgence of TrickMo, an Android banking trojan masquerading as a free streaming app. The trojan has enhanced capabilities, including stealing screen content and employing overlay attacks.

Defense Measures and Advice

This SpyLoan incident is not alone but part of a broader scheme dating back to 2020. It adds to over 300 Android and iOS apps uncovered last year. These apps also exploited users’ urgent need for quick cash, trapping them into predatory loan contracts and coercing them into granting access to sensitive information. To mitigate the risks posed by such spyware threats, users are advised to:

  • Validate the authenticity of offerings. It is not hard to conceal a rip-off as a genuine and beneficial deal. When it comes to financial operations, it is vital to check every element of the offered deal to find catches. Though in some cases, this is not enough – so I’d prefer the second option.
  • Do your research regarding the service provider. Regardless of how good the offer appears to be, it should come from a benign company. Any mismatches in the information, questionable testimonials, outdated, abandoned or even absent sites – those are the signs of a bad deal. And a perfect reason to review your plans to use their services.
  • Pay close attention to reviews and permissions before installation. Asking for excessive permissions is a classic catch of quite a few mobile malicious programs. People used to click-through permissions pop-ups during installation, and that is what frauds rely on. Check out what the app asks for, and compare it to the real program functionality. Because why would a financial app ever need continuous access to your microphone?

Malicious Loan Apps in Play Store Decieved 12M Users

By Stephanie Adlam

I write about how to make your Internet browsing comfortable and safe. The modern digital world is worth being a part of, and I want to show you how to do it properly.

Leave a comment

Your email address will not be published. Required fields are marked *