Android Malware “SpyLend” Found on Google Play, Involved in Fraud and Extortion

78/68 Wednesday, February 26, 2025

Researchers from CYFIRMA have discovered a malicious app called “Finance Simplified” on Google Play, which is infected with the SpyLend malware. This malware targets users in India, masquerading as a financial calculator while actually functioning as an illegal loan app. It exploits users’ personal data for blackmail and extortion. Within just one week, the app reached 100,000 downloads, and victims have reported threats, including personal photos manipulated into explicit images to coerce payments.

SpyLend gains access to sensitive information, including contacts, call logs, SMS messages, photos, and location data. It also redirects users to download an external APK file, bypassing Google Play’s security mechanisms. Once the additional malware is installed, it steals data from files, the clipboard, and other device storage.

Further analysis revealed that SpyLend operates through a command-and-control (C2) server hosted on Amazon EC2, with control panels available in English and Chinese, suggesting the attackers may be Chinese-speaking threat actors. The malware leverages APIs to access files, contacts, call logs, and SMS data for blackmail purposes. In some cases, attackers modify victims’ photos into fake explicit images to force them into making payments, leading to severe privacy and security risks.

Source: https://securityaffairs.com/174540/malware/spylend-android-malware-100k-downloard.html