ESET detected a fraudulent campaign on Google Play.
Researchers from the Slovak company ESET have identified 18 malicious loan apps in the Google Play store. According to statistics, these programs have already been downloaded more than 12 million times.
ESET tracks the activity of applications under the general name SpyLoan. The developers goal is to issue loans to users from Southeast Asia, Africa, and Latin America at an inflated interest rate. At the same time, attackers collect personal and financial data of victims for subsequent blackmail, embezzlement of funds and surveillance.
In particular, they fake privacy policies that explain why programs need access to media files, camera, contacts, call history, SMS, and calendar.
Here is the full list of detected apps that are currently removed from Google Play:
According to experts, the main distribution channels for these programs are SMS messages and social networks. You can also download them on some fraudulent websites and unofficial Android apps.
"None of these services allow you to request a loan through a website," explained Lukasz Stefanko, an expert at ESET. — The reason is that criminals will not be able to access the user's confidential data on their smartphone via the browser. And it is this information that they need for subsequent blackmail and extortion."
It is known that the SpyLoan campaign has been running since 2020.
To ensure that users can protect themselves, experts recommend downloading programs exclusively from trusted official sources, as well as carefully studying reviews and requested permissions before installing.
Researchers from the Slovak company ESET have identified 18 malicious loan apps in the Google Play store. According to statistics, these programs have already been downloaded more than 12 million times.
ESET tracks the activity of applications under the general name SpyLoan. The developers goal is to issue loans to users from Southeast Asia, Africa, and Latin America at an inflated interest rate. At the same time, attackers collect personal and financial data of victims for subsequent blackmail, embezzlement of funds and surveillance.
In particular, they fake privacy policies that explain why programs need access to media files, camera, contacts, call history, SMS, and calendar.
Here is the full list of detected apps that are currently removed from Google Play:
- AA Kredit: इंस्टेंट लोन ऐप
- Amor Cash: Préstamos Sin Buró
- Oro Préstamo — Efectivo rápido
- Cashwow
- CrediBus Préstamos de crédito
- ยืมด้วยความมั่นใจ — ยืมด่วน
- PréstamosCrédito — GuayabaCash
- Préstamos De Crédito-YumiCash
- Go Crédito — de confianza
- Instantáneo Préstamo
- Cartera grande
- Rápido Crédito
- Finupp Lending
- 4S Cash
- TrueNaira — Online Loan
- EasyCash
- สินเชื่อปลอดภัย — สะดวก
According to experts, the main distribution channels for these programs are SMS messages and social networks. You can also download them on some fraudulent websites and unofficial Android apps.
"None of these services allow you to request a loan through a website," explained Lukasz Stefanko, an expert at ESET. — The reason is that criminals will not be able to access the user's confidential data on their smartphone via the browser. And it is this information that they need for subsequent blackmail and extortion."
It is known that the SpyLoan campaign has been running since 2020.
To ensure that users can protect themselves, experts recommend downloading programs exclusively from trusted official sources, as well as carefully studying reviews and requested permissions before installing.
