A fresh batch of 15 SpyLoan Android malware apps with over 8 million installs was found on Google Play, targeting mostly users in South America, Southeast Asia, and Africa. The apps were uncovered by McAfee, a member of the “App Defense Alliance,” and have already been taken down from Android’s official app store. However, McAfee says that even recent law enforcement operations against SpyLoan operators have not stopped the problem, and that the apps’ continued presence on Google Play demonstrates the threat actors’ tenacity.
In December 2023, more than a dozen apps with a combined 12 million downloads were taken down in the most recent significant “SpyLoan cleaning” on Google Play.
How SpyLoan works
SpyLoan apps are financial tools that offer loans to customers with a quick approval process under misleading and frequently fake terms. After the victims install the apps, a one-time password (OTP) is used to verify that they are located in the intended area. They are then asked to provide banking account information, employment details, and sensitive identity documents. The applications also abuse the device’s permissions to gather a great deal of private information for the extortion process, including the user’s location, contact lists, SMS messages, call logs, and camera access.
According to McAfee, these apps’ aggressive data-gathering strategies include exfiltrating all SMS messages on the victim’s handset in addition to GPS/network position, device details, operating system information, and sensor data.
After using the app to obtain a loan, users are required to make high-interest payments and are frequently harassed and threatened by the operators using the information that was obtained from their phones. Sometimes the scammers harass the loanee’s family members by calling them.
8 million downloads on Google Play
McAfee’s investigation identified 15 malicious SpyLoan apps, which have been installed over 8 million times through the Play Store alone. Below is a list of the eight most popular:
- Préstamo Seguro-Rápido, Seguro – 1,000,000 downloads, primarily targets Mexico
- Préstamo Rápido-Credit Easy – 1,000,000 downloads, primarily targets Colombia
- ได้บาทง่ายๆ-สินเชื่อด่วน – 1,000,000 downloads, primarily targets Senegal
- RupiahKilat-Dana cair – 1,000,000 downloads, primarily targets Senegal
- ยืมอย่างมีความสุข – เงินกู้ – 1,000,000 downloads, primarily targets Thailand
- เงินมีความสุข – สินเชื่อด่วน – 1,000,000 downloads, primarily targets Thailand
- KreditKu-Uang Online – 500,000 downloads, primarily targets Indonesia
- Dana Kilat-Pinjaman kecil – 500,000 downloads, primarily targets Indonesia
SpyLoan apps keep getting past Google’s app review procedures, which are designed to ban software that breaches the conditions of the Play Store. To mitigate this risk, read user reviews, look up the developer’s reputation, restrict the permissions apps are given when they are installed, and make sure Google Play Protect is turned on for the device.
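A defender-side check for the permission combination described above, as an added example that is not from McAfee or the original article: it reads a decoded AndroidManifest.xml and flags apps that request most of the data categories listed (SMS, contacts, call logs, camera, location). The sample manifests, package names and the threshold of four categories are constructed assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Android permissions that map to the data categories the article lists.
CATEGORIES = {
    "android.permission.READ_SMS": "sms",
    "android.permission.RECEIVE_SMS": "sms",
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_CALL_LOG": "call_log",
    "android.permission.CAMERA": "camera",
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.ACCESS_COARSE_LOCATION": "location",
}

def audit_manifest(xml_text, threshold=4):
    """Return the package, sensitive categories requested, and a review flag."""
    # For manifests from untrusted APKs, parse with defusedxml instead.
    root = ET.fromstring(xml_text)
    found = {}
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name", "")
            category = CATEGORIES.get(name)
            if category:
                found.setdefault(category, []).append(name)
    return {
        "package": root.get("package"),
        "categories": {k: sorted(v) for k, v in sorted(found.items())},
        "needs_review": len(found) >= threshold,  # heuristic, assumed cutoff
    }

# Constructed sample manifests (not taken from any real app).
LOAN_APP = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.quickloan">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
</manifest>"""

CALCULATOR = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.calc">
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

if __name__ == "__main__":
    for sample in (LOAN_APP, CALCULATOR):
        print(audit_manifest(sample))
```

A flag here means the app deserves a closer look, not that it is malicious; legitimate apps can request several of these permissions for documented features.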