SpyLoan, a collection of over a dozen malicious loan applications, has already gathered 12 million downloads on Google Play this year. Reports indicate that the actual number is likely higher because the apps are also available from third-party sources and malicious websites.
These Android threats pose as legitimate financial services that offer quick access to funds but execute a covert operation that steals sensitive data from devices. The confirmed data that this malware targets includes account details, device specifics, call logs, installed applications, calendar events, Wi-Fi network details, and image metadata. In addition, some instances extend to contact lists, location data, and text messages.
Moreover, the deceptive apps urge users to accept high-interest payments, and threat actors blackmail victims into fulfilling these financial demands. Throughout 2023, several investigations identified 18 SpyLoan apps.
Google responded to these findings by removing 17 of these malicious applications. Unfortunately, one app with altered permissions and functionality remains undetected as a SpyLoan threat.
These SpyLoan apps have been available to the public since at least 2020.
The emergence of SpyLoan apps dates to 2020, during lockdowns due to the pandemic. However, they only gained popularity on Android and iOS platforms in the past year.
Investigations showed that the typical distribution channels for these apps include fraudulent websites, third-party app stores, and Google Play. Research indicates a rising SpyLoan threat in various countries, with notable prevalence in Mexico, India, Thailand, Indonesia, Nigeria, the Philippines, Egypt, Vietnam, Singapore, Kenya, Colombia, and Peru.
According to researchers, SpyLoan apps are submitted with seemingly compliant privacy policies, adhere to know-your-customer (KYC) standards, and request permissions transparently in order to infiltrate the Google Play Store.
However, SpyLoan apps violate Google’s Financial Services policy by subjectively shortening loan terms and resorting to intimidation tactics if users refuse payment demands. Furthermore, these apps also violate privacy policies since they require invasive permissions.
For example, the SpyLoan apps request camera access, which is required for photo data uploads for KYC, and calendar access, purportedly for scheduling payments, but these practices are highly intrusive. SpyLoan apps also request unnecessary permissions, such as access to call logs and contact lists, which they exploit to extort users.
Smartphone users should only trust established financial institutions and carefully scrutinise requested permissions when installing new apps to avoid infections from these SpyLoan threats. Lastly, users should read user reviews on Google Play for potential clues about fraudulent behaviour.
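
One way to apply the permission scrutiny described above to a decoded AndroidManifest.xml, as an added example that is not part of the original article or of any vendor's tooling. The permission-to-category mapping, the verdict thresholds, the package name and the sample manifest are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Assumed mapping from Android permissions to the data categories the article names.
CATEGORY_BY_PERMISSION = {
    P + "GET_ACCOUNTS": "account details",
    P + "READ_CALL_LOG": "call logs",
    P + "QUERY_ALL_PACKAGES": "installed applications",
    P + "READ_CALENDAR": "calendar events",
    P + "ACCESS_WIFI_STATE": "Wi-Fi network details",
    P + "ACCESS_MEDIA_LOCATION": "image metadata",
    P + "READ_CONTACTS": "contact lists",
    P + "ACCESS_FINE_LOCATION": "location data",
    P + "READ_SMS": "text messages",
    P + "CAMERA": "camera (KYC photo uploads)",
}
# Permissions the article calls unnecessary for a loan app and usable for extortion.
EXTORTION_RISK = {P + "READ_CALL_LOG", P + "READ_CONTACTS"}

def audit_manifest(manifest_xml):
    """Return (package, findings); findings maps data category -> permissions."""
    root = ET.fromstring(manifest_xml)
    findings = {}
    for node in root.iter():
        name = node.get(ANDROID_NS + "name", "")
        if node.tag.startswith("uses-permission") and name in CATEGORY_BY_PERMISSION:
            findings.setdefault(CATEGORY_BY_PERMISSION[name], []).append(name)
    return root.get("package"), findings

def verdict(findings):
    """Assumed thresholds: 'high' if call logs or contacts are requested."""
    requested = {p for perms in findings.values() for p in perms}
    if requested & EXTORTION_RISK:
        return "high"
    return "review" if len(findings) >= 3 else "low"

# Constructed sample manifest (not taken from any real app).
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.quickloan">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
</manifest>"""

if __name__ == "__main__":
    package, findings = audit_manifest(SAMPLE)
    print(package, verdict(findings), findings)
```

The input is the text form of the manifest, as produced by an APK decoding tool; the binary manifest inside an APK has to be decoded first.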