These malicious Android loan apps could leave millions of users seriously out of pocket

News
By published

More than a dozen Android apps made it to the Play Store

Close-up hands counting money American dollars
(Image credit: NATNN / Shutterstock)

Cybersecurity researchers from ESET have discovered malicious loan apps stealing victim’s sensitive data and threaten them with ridicule unless they comply with absurd terms.

The researchers named the collection of over a dozen apps SpyLoan, which are being advertised as financial services tools for personal loans, offering “quick and easy access to funds”.

The team warned there have been more than 12 million combined downloads from the Play Store already, however, the apps are also being distributed via social media, third-party stores, and various websites, meaning the number of downloads is likely to be much higher.

Tricking Google

After the users sign up, the first red flag is the permissions - the app requests many permissions that it objectively doesn’t need, like access to the camera, call logs, or contacts list. If the user still proceeds and signs up for a loan, the app will soon reduce the tenure to mere days and threaten the victim with ridicule if they don’t comply. Given that the app has access to the contacts list, it would start notifying people in that list of the loan.

Furthermore, the app silently gathers plenty of sensitive data from the compromised endpoint - a list of all accounts, device info, call logs, installed apps, calendar events, local Wi-Fi network details, and metadata from images. ESET says that the app can also grab location data and text messages. 

SpyLoan apps are not exactly a novelty, the researchers claim, but they did pick up the pace in 2023. The majority of victims are located in Mexico, India, Thailand, Indonesia, Nigeria, Philippines, Egypt, Vietnam, Singapore, Kenya, Colombia, and Peru.

ESET also said that these apps made it past Google’s protections by being submitted with “compliant privacy policies, required KYC standards, and transparent permission requests.” However, they also link to websites that are obvious impersonations of actual companies.

Out of the 18 apps that were discovered, Google removed 17 from its app repository. The last one is now available with a new set of permissions and as such was allowed to stay.

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
mobile phone
Popular Android financial help app is actually dangerous malware
An Android phone being held in the hand
These malicious Android apps were installed over 60 million times - here's how to stay safe
A close-up photo of an iPhone, with the App Store icon prominent in the center of the image.
App stores are increasingly becoming a major security worry
In this photo illustration a Google Play logo seen displayed on a smartphone.
Why is there so much spyware hidden in the Play Store?
Malware worm
Coordinated global mobile malware campaign targets banking apps and cryptocurrency platforms
Android phone malware
This nasty Android malware is posing as the Telegram Premium app
Latest in Security
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
Lock on Laptop Screen
Medusa ransomware is able to disable anti-malware tools, so be on your guard
An abstract image of digital security.
Fake file converters are stealing info, pushing ransomware, FBI warns
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Coinbase targeted after recent Github attacks
hacker.jpeg
Key trusted Microsoft platform exploited to enable malware, experts warn
IBM office logo
IBM to provide platform for flagship cyber skills programme for girls
Latest in News
Girl wearing Meta Quest 3 headset interacting with a jungle playset
Latest Meta Quest 3 software beta teases a major design overhaul and VR screen sharing – and I need these updates now
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
Hatch Restore 3 in Putty
You can finally start your day with The Office theme song, and I couldn't be more excited
Cassian Andor looking nervously over his shoulder in Andor season 2
New Andor season 2 trailer has got Star Wars fans asking the same question – and it includes an ominous call back to Rogue One's official teaser
Ncuti Gatwa as The Fifteenth Doctor in Doctor Who
Disney+ drops new trailer for Doctor Who season 2 that promises an epic adventure across time and space
23andMe
23andMe is bankrupt and about to sell your DNA, here's how to stop that from happening
More about security
An abstract image of digital security.

Fake file converters are stealing info, pushing ransomware, FBI warns
Microsoft

"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
AI hallucinations

We're already trusting AI with too much – I just hope AI hallucinations disappear before it's too late
See more latest
Most Popular
Girl wearing Meta Quest 3 headset interacting with a jungle playset
Latest Meta Quest 3 software beta teases a major design overhaul and VR screen sharing – and I need these updates now
Hatch Restore 3 in Putty
You can finally start your day with The Office theme song, and I couldn't be more excited
Dell Pro Max with GB300
HP and Dell's latest Nvidia powered PCs are likely to be some of the most expensive workstations ever launched
Shape of Russia filled with Russian flag-colored internet codes on a black hacking background
A new wave of blocks in Russia targets VPN apps and Cloudflare subnets
An abstract image of digital security.
Fake file converters are stealing info, pushing ransomware, FBI warns
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
Ncuti Gatwa as The Fifteenth Doctor in Doctor Who
Disney+ drops new trailer for Doctor Who season 2 that promises an epic adventure across time and space
Cassian Andor looking nervously over his shoulder in Andor season 2
New Andor season 2 trailer has got Star Wars fans asking the same question – and it includes an ominous call back to Rogue One's official teaser
23andMe
23andMe is bankrupt and about to sell your DNA, here's how to stop that from happening
Lock on Laptop Screen
Medusa ransomware is able to disable anti-malware tools, so be on your guard