The SpyLoan malware has allegedly spread to and compromised numerous users through various applications on Google Play.
Reports revealed that the malicious payload was present in 15 applications on the Play Store that have already garnered millions of downloads. These apps target users in Southeast Asia (SEA), Africa, and South America.
Researchers have already reported that the malicious apps are no longer downloadable.
The SpyLoan malware campaign has deceived millions by using finance-related apps.
Most applications that house the SpyLoan malware are tools that offer consumers loans with a quick approval process on fake terms.
Once the victims have installed the apps, the malware campaign validates them using a one-time password (OTP) to ensure they are in the targeted region. Next, the app lets these users submit sensitive identification documents, employment details, and bank account information.
The apps then abuse the device’s permissions to access personal data, such as the user’s contact lists, SMS, camera, call history, and location, for use in the extortion process. Furthermore, the researchers explained that these apps use invasive data collection tactics, including the exfiltration of all SMS messages on compromised devices, GPS/network position, device information, OS details, and sensor data.
Once users get a loan through the app, they are obligated to make high-interest payments and are frequently harassed and threatened by operators using the data stolen from their phones. In some instances, the scammers will call the loanee’s family members and harass them.
The SpyLoan-laden apps that already reached millions of downloads are in Mexico, Colombia, Senegal, and Thailand. On the other hand, a couple of applications in Indonesia have acquired 500,000 downloads.
These malicious applications from the malware operators have constantly appeared on the Google Play Store despite the existence of Google’s app review systems for removing software that violates the guidelines.
The public should be wary of these malicious apps, especially those in the targeted regions. Always check the app developer’s reputation and enable Google Play Protect to mitigate or prevent the impact of these malware-laden applications.
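As a complement to checking the developer’s reputation, a reviewer can compare what a loan app requests against the data categories described above (contacts, SMS, camera, call history, location). The following is an added example, not code from the researchers or from Google: it audits an `AndroidManifest.xml` that has already been decoded to plain XML, and the package names, sample manifests, and review threshold are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Data categories named in the article, mapped to the Android permissions that gate them.
CATEGORY_PERMISSIONS = {
    "contacts": {"android.permission.READ_CONTACTS"},
    "sms": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
    "camera": {"android.permission.CAMERA"},
    "call_history": {"android.permission.READ_CALL_LOG"},
    "location": {"android.permission.ACCESS_FINE_LOCATION",
                 "android.permission.ACCESS_COARSE_LOCATION"},
}

def audit_manifest(manifest_xml, threshold=3):
    """Return the sensitive data categories a decoded manifest requests.

    threshold is an assumed review cut-off, not a value from the article.
    """
    root = ET.fromstring(manifest_xml)
    requested = set()
    # Both tags declare permissions; the -sdk-23 form applies on Android 6.0+.
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for element in root.iter(tag):
            name = element.get(ANDROID_NS + "name")
            if name:
                requested.add(name.strip())
    categories = sorted(c for c, perms in CATEGORY_PERMISSIONS.items()
                        if requested & perms)
    return {"package": root.get("package"), "categories": categories,
            "needs_review": len(categories) >= threshold}

def _manifest(package, permissions):
    # Builds a constructed sample manifest for the demo below.
    lines = "".join(f'<uses-permission android:name="android.permission.{p}"/>'
                    for p in permissions)
    return (f'<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">{lines}<application/></manifest>')

# Constructed samples: a hypothetical loan app and a hypothetical QR scanner.
LOAN_APP = _manifest("com.example.quickloan",
                     ["INTERNET", "READ_CONTACTS", "READ_SMS", "CAMERA",
                      "READ_CALL_LOG", "ACCESS_FINE_LOCATION"])
SCANNER_APP = _manifest("com.example.qrscanner", ["INTERNET", "CAMERA"])

if __name__ == "__main__":
    for sample in (LOAN_APP, SCANNER_APP):
        print(audit_manifest(sample))
```

A `needs_review` result is a prompt for manual inspection rather than a verdict, since legitimate apps can also request several of these permissions.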
