
SpyLoan malware is all the rage on the Play Store: how to defend yourself

Sometimes you may need a loan, but turning to just any app on the Play Store might not be a good idea (by the way, do you know how to get a refund from the bank in case of phishing?).


According to findings by the cybersecurity company ESET, eighteen apps on the Google marketplace, downloaded more than 12 million times overall this year alone, have been classified as SpyLoan: apps that specialize in issuing loans but at the same time steal user data. The phenomenon is constantly growing (do you know the difference between antimalware and antivirus?).

The threat

First spotted in 2020, SpyLoan apps saw a sudden surge last year, especially on Android phones rather than iOS, according to ESET (a member of the App Defense Alliance, dedicated to detecting and eradicating malware from Google Play), Lookout, Zimperium and Kaspersky.

These apps, which spread through fraudulent websites, third-party app stores and Google Play, present themselves as legitimate financial services for personal loans that promise “quick and easy access to funds”.

However, they trick users into accepting high-interest payments, and the threat actor then blackmails the victims into paying, because the apps steal personal data from the device, including a list of all accounts, information, call logs, installed apps, calendar events, details of the local Wi-Fi network and metadata from images. Researchers say the risk also extends to the contact list, location data and text messages.

Since the beginning of the year, ESET has detected 18 of these apps, even very popular ones (the one below has been downloaded 5 million times), and reported them to Google, which removed 17 of them. One, however, is still available after changing its permissions and functionality, and is no longer detected as a SpyLoan threat.

SpyLoan App. Source: BleepingComputer

But how is it possible that these apps are published on Google Play? According to ESET researchers, these apps present privacy policies that comply with Google's rules, require “know your customer” (KYC) standards and boast transparent permission requests.

In many cases, fraudulent apps link to websites that are blatant imitations of legitimate company sites, even showing photos of employees and offices to create a false sense of authenticity.

In reality, these apps violate Google’s financial services policy by unilaterally shortening the term of personal loans to a few days or any other arbitrary period, and by threatening to expose the user's data or photos if they do not pay.

Furthermore, the privacy policies are misleading, presenting seemingly legitimate reasons for obtaining risky permissions, such as camera access, supposedly needed to upload photos for KYC, or calendar access, to schedule payment dates and reminders.

In reality, these are extremely intrusive and illegitimate practices, not to mention unnecessary permissions such as access to call logs and contact lists, which the apps use to extort users when they object to absurd payment requests.

ESET said SpyLoan detections have increased throughout 2023; the threat is most prominent in Mexico, India, Thailand, Indonesia, Nigeria, the Philippines, Egypt, Vietnam, Singapore, Kenya, Colombia, and Peru.

How to defend yourself

How can you defend yourself from this threat? ESET recommends some general practices, which always apply, even when installing an app from Google Play.

First of all, always rely on known financial institutions; secondly, always carefully check the permissions requested when installing a new app.

Last but not least, and always extremely important, read the user reviews on Google Play, which often contain clues to the fraudulent nature of the app (especially negative ones, like the ones below).

User Reviews for SpyLoan App. Source: BleepingComputer

Source:
BleepingComputer
