SpyLoan Scams Target Android Users With Deceptive Apps

Written by

Security researchers have uncovered a surge in deceptive Android loan apps since the beginning of 2023. 

These applications, posing as legitimate personal loan services, attract users with promises of quick and easy access to funds. However, their true intent is to defraud users by offering high-interest-rate loans and collecting personal and financial information for potential blackmail.

These apps, collectively identified by ESET as “SpyLoan” due to their spyware functionality combined with loan claims, exhibit alarming patterns. 

In an advisory published on December 5, ESET malware researcher Lukas Stefanko, said these malicious loan apps request sensitive user information, exfiltrating it to attackers’ servers. Subsequently, this data is used for harassment and blackmail, even if a loan was not granted.

SpyLoan Apps Found on Google Play

The firm’s telemetry data shows a significant spike in SpyLoan app instances on unofficial app stores, Google Play and various websites since the beginning of the year, with detections soaring by nearly 90% from H2 2022 to H1 2023.

ESET, a member of the App Defense Alliance and active participant in a malware mitigation program with Google, said it has identified and reported 18 SpyLoan apps to Google, resulting in the removal of 17 apps from Google Play. 

The research emphasized that despite the source, each instance of a SpyLoan app behaves identically due to the same underlying code.

SpyLoan detections, as outlined in ESET’s telemetry, primarily occur in countries like Mexico, Indonesia, Thailand, Vietnam, India, Pakistan, Colombia, Peru, the Philippines, Egypt, Kenya, Nigeria and Singapore. 

The findings underscore the exploitation of users seeking financial assistance online and emphasize the importance of caution and validation when using financial apps. 

The research further recommends that users stick to official sources, use security apps, scrutinize user reviews, examine privacy policies and take preventive actions in case of victimization.

“Even after several takedowns, SpyLoan apps keep finding their way to Google Play and serve as an important reminder of the risks borrowers face when seeking financial services online,” reads the advisory.

“By staying informed and vigilant, users can better protect themselves from falling victim to such deceptive schemes.” 

Read more on Android malware: GoldDigger Android Trojan Drains Victim Bank Accounts 

What’s hot on Infosecurity Magazine?