18 malicious lending apps are scamming millions of Android users

Malicious Loan Apps

Cybersecurity researchers have discovered 18 malicious Android lending apps on the Google Play Store that have collectively been downloaded more than 12 million times.

“Despite their attractive appearance, these services actually aim to defraud users by offering them high-interest loans endorsed with deceptive descriptions, while at the same time collecting their victims’ personal and financial information in order to blackmail them and ultimately to obtain money. ”, ESET said.

The Slovak cybersecurity company tracks these apps under its name Spy loannoting that they are designed to target potential borrowers in Southeast Asia, Africa and Latin America.

The list of apps now removed by Google is below:

  • AA Kredit: Instant Loan App (com.aa.kredit.android)
  • Amor Cash: loans without agency (com.amorcash.credito.prestamo)
  • Gold loan – Fast money (com.app.lo.go)
  • Cashwow (com.cashwow.cow.eg)
  • CrediBus Credit Loans (com.dinero.profin.prestamo.credito.credit.credibus.loan.efectivo.cash)
  • Borrow with confidence – Quick Borrow (com.flashloan.wsft)
  • CreditLoans – GuayabaCash (com.guayaba.cash.credit.mx.tala)
  • Credit Loans-YumiCash (com.loan.cash.credit.tala.prestmo.fast.branch.mextamo)
  • Go Crédito – reliable (com.mlo.xango)
  • Instant loan (com.mmp.optima)
  • Large crate (com.mxolp.postloan)
  • Fast credit (com.okey.prestamo)
  • Finupp Lending (com.shuiyiwenhua.gl)
  • 4S Cash (com.swefjjghs.weejteop)
  • TrueNaira – Online Loan (com.truenaira.cashloan.moneycredit)
  • EasyCash (king.credit.ng)
  • Safe credit – convenient (com.sc.safe.credit)

Text messages and social media channels such as Twitter, Facebook and YouTube act as the main infection routes, although the apps can also be downloaded via scam websites and third-party app stores.

“None of these services offer the option to apply for a loan via a website, because the extortionists cannot access all the sensitive user data stored on a smartphone and needed for blackmail through a browser,” said ESET security researcher Lukáš Stefanko.

The apps are part of a wider program dating back to 2020, adding to a range of more than 300 apps for Android and iOS that KasperskyLookout and Zrijke last year discovered and exploited “victims’ desire for quick money to lure borrowers into predatory lending contracts and require them to grant access to sensitive information such as contacts and text messages.”

In addition to collecting the information from compromised devices, SpyLoan operators have also been observed to resort to blackmail and intimidation tactics to pressure victims into making payments by threatening to release their photos and videos on social media. media platforms.

1703070951 618 18 malicious lending apps are scamming millions of Android users

In a message identified by The Hacker News and posted to the Google Play Help Community earlier this month, a user from Nigeria called out EasyCash for “fraudulently providing loans to their victims with high and excessive interest rates and forcibly making them pay using of threats about blackmail, defamation, and character assassination, while they clearly have the debtor’s address and the government’s full name, including their Bank Identification Number (BVN), they still continue to embarrass people, making them being put under unnecessary pressure and panicking.’

Furthermore, the apps use a misleading privacy policy to explain why they need permission for users’ media files, camera, calendar, contacts, call logs, and text messages. Some apps also link to fake websites, full of stolen photos and stock photos of the office environment, in an attempt to give their activities a veil of legitimacy.

To limit the risks this entails spyware threatsit is advisable to stick to official sources for downloading apps, validate the authenticity of such offers and pay close attention to reviews and permissions before installation.

SpyLoan serves as an “important reminder of the risks borrowers face when seeking financial services online,” Štefanko said. “These malicious applications abuse the trust users place in legitimate loan providers, using sophisticated techniques to deceive and steal a very wide range of personal information.”

The development also follows the resurgence of an Android banking Trojan called TrickMo, which masquerades as a free-flowing streaming app and comes equipped with enhanced capabilities such as screen content stealing, runtime module downloading, and overlay injection to steal credentials. from targeted applications. to use JsonPacker to hide the malicious code.

“The malware’s transition to overlay attacks, use of JsonPacker for code obfuscation, and consistent behavior with the command-and-control server highlight the threat actor’s commitment to refining its strategies,” Cyble said. said in an analysis last week.


#malicious #lending #apps #scamming #millions #Android #users

Notify of
Inline Feedbacks
View all comments
Previous Post

Playbook: Your First 100 Days as a vCISO

Next Post
Website Spoofing

Memcyco’s real-time defense against website spoofing

Related Posts