SpyLoan Mobile Malware Hides in Finance Android Apps

Android smartphones face a potential threat from harmful loan applications that have been downloaded millions of times from the Google Play store, as outlined by security researchers. Approximately 18 apps, recognized as 'SpyLoan' malware, were identified on the store throughout this year. These exploitative lending applications aim to harvest extensive data from users' devices when they borrow money, subsequently using this information for coercion and extortion to compel repayment along with exorbitant interest rates.

Researchers have disclosed information about the apps employed by loan sharks to deceive users, including various methods to circumvent restrictions imposed on the Play Store. The malware is typically crafted with appealing user interfaces, promising swift and easy access to funds coupled with high-interest repayment terms. Allegedly, these apps target users residing in Africa, Latin America, and Southeast Asia.

SpyLoan Hides Behind Convincing Facade

In addition to fulfilling the necessary documentation and Know Your Customer (KYC) identification required for publishing their apps on the Play Store, these SpyLoan apps also present (or link to) official-looking websites containing false information, including details and images of employees obtained from stock image websites.

While the loaned sum is disbursed to users, these predatory loan apps prompt users to divulge various sensitive information by granting different permissions on their phones, such as access to the camera, contacts, messages, call logs, images, Wi-Fi network details, calendar information, and other personal data. Subsequently, this information is transmitted to the servers of the loan sharks.

Instead of allowing users sufficient time to repay the borrowed amount, the SpyLoan apps reduce the repayment window to a few days—a clear violation of Google's Financial Services policy, which stipulates a minimum loan tenure of 60 days. One user review highlights a situation where they had to repay 450 pesos (approximately Rs. 2,160) with an interest of 549 pesos (approximately Rs. 2,640), totaling 999 pesos (approximately Rs. 4,800).

To coerce users into repaying short-term, high-interest loans, the apps utilize exfiltrated data to blackmail users effectively. Of the 18 apps previously reported to Google, 17 have been removed by the search giant. The remaining app persists on the app store, with a new version that lacks similar functionality or permissions.

The list of apps identified by researchers includes 4S Cash, AA Kredit, Amor Cash, Cartera grande, Cashwow, CrediBus, EasyCash, EasyCredit, Finupp Lending, FlashLoan, Go Crédito, GuayabaCash, Instantáneo Préstamo, Préstamos De Crédito-YumiCash, PréstamosCrédito, Rápido Crédito, TrueNaira.

Despite their removal from the Play Store, these apps will linger on the devices of users who have installed them until manually uninstalled. If any of these apps are present on your smartphone, it is advisable to uninstall them promptly.