428/67 Monday, December 2, 2024
McAfee security researchers have uncovered 15 SpyLoan applications on the Android platform available in the Google Play Store, with a total of over 8 million installations. These apps primarily target users in South America, Southeast Asia, and Africa. Far from being simple loan tools, they act as a means to extort personal information, intimidate users, and cause severe financial harm. SpyLoan apps are designed to lure victims with enticing loan offers, such as low interest rates, approval without credit checks, and lenient loan terms. However, behind the scenes, these apps exploit personal user data—such as contact lists, messages, call logs, photos, and more—to intimidate or coerce users into paying exorbitant rates.
Once installed, these apps request access to an excessive amount of information unrelated to lending services, such as permissions for the camera, microphone, contacts, and storage. They also employ psychological tactics, like requesting OTPs, to create a sense of urgency and compel users to disclose personal information. Victims of SpyLoan apps often face threats such as harassing phone calls, public exposure of their personal data, or the spread of false information. Attackers may even share personal details with close contacts, sending intimidating or deceitful messages to victims’ friends and family.
Authorities in Peru recently dismantled an operational center linked to SpyLoan, which had extorted over 7,000 victims across Peru, Mexico, and Chile. This case highlights the global nature of the SpyLoan threat, which is no longer confined to specific regions but has evolved into a widespread menace.
After McAfee’s report, some SpyLoan apps were promptly removed from the Google Play Store, while others were updated by developers to reduce illegal activities. However, the issue remains complex, as these apps quickly adapt by relocating to new accounts or regions. McAfee’s report also indicates that SpyLoan activities surged by over 75% from Q2 to Q3 of 2024, underscoring the growing threat to mobile devices.
To avoid falling victim to such schemes, users are advised to:
- Avoid downloading apps from untrusted sources.
- Carefully review app permissions and user reviews before installation.
- Install anti-malware apps and keep software regularly updated.
Source https://securityaffairs.com/171553/cyber-crime/15-spyloan-android-apps-on-google-play.html
