Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

15 SpyLoan Android apps found on Google Play had over 8 million installs

McAfee researchers discovered 15 SpyLoan Android apps on Google Play with a combined total of over 8 million installs. 15 SpyLoan apps with a combined total of 8M+ installs were found on Google Play, targeting users in South America, Southeast Asia, and Africa. SpyLoan apps exploit social engineering to gain sensitive user data and excessive […]

SpyLoan Android apps

McAfee researchers discovered 15 SpyLoan Android apps on Google Play with a combined total of over 8 million installs.

15 SpyLoan apps with a combined total of 8M+ installs were found on Google Play, targeting users in South America, Southeast Asia, and Africa.

SpyLoan Android apps

SpyLoan apps exploit social engineering to gain sensitive user data and excessive permissions, leading to extortion, harassment, and financial loss.

Some of the malicious apps were promoted through deceptive advertising on social media.  

The researchers reported the apps to Google who notified the developers that their apps violate Google Play policies. Some apps were suspended by Google from Google Play while others were updated by the developers. 

SpyLoan activity has surged, with malicious apps and infected devices increasing over 75% from Q2 to Q3 2024, highlighting their growing mobile threat presence.

“SpyLoan apps are intrusive financial applications that lure users with promises of quick and flexible loans, often featuring low rates and minimal requirements. While these apps may seem to offer genuine value, the reality is that these apps primarily exist to collect as much personal information as possible, which they then may exploit to harass and extort users into paying predatory interest rates.” reads the report published McAfee. “They employ questionable tactics, such as deceptive marketing that highlights time-limited offers and countdowns, creating a false sense of urgency to pressure users into making hasty decisions. Ultimately, rather than providing genuine financial assistance, these apps can lead users into a cycle of debt and privacy violations. “

SpyLoan apps exploit official app stores like Google Play, deceptive branding, and social media ads to appear credible. They mimic financial institutions, display privacy policies, and use tactics like countdown timers and OTP verification to pressure users into providing sensitive data.

Upon installation, the apps request unnecessary permissions for a loan app, including access to contacts, SMS, storage, calendar, phone call records, and the microphone or camera.

Victims of SpyLoan apps face threats, personal data misuse, and harassment, including intimidating calls, misuse of photos/IDs, and contact spamming to friends and family.

Authorities in Peru raided a call center tied to SpyLoan apps that extorted 7,000+ victims in Peru, Mexico, and Chile. Similar scams were reported globally.

“The threat of Android apps like SpyLoan is a global issue that exploits users’ trust and financial desperation.” concludes the report. “By reusing code and tactics, they can efficiently target different countries, often evading detection by authorities and creating a widespread problem that is difficult to combat. This networked approach not only increases the scale of the threat but also complicates efforts to trace and shut down these operations, as they can easily adapt and relocate their operations to new regions.”

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Google Play)