More than 12 million users unwittingly downloaded SpyLoan Android apps from Google Play, which posed as legitimate financial services offering quick loans. Discovered by cybersecurity firm ESET, these apps steal extensive personal data, including account details and location information.
Following high-interest payments, threat actors blackmail victims for money. Despite Google’s removal of 17 malicious apps, one persisted with altered permissions. These fraudulent SpyLoan apps, active since 2020, exploit legitimate-looking websites and comply with privacy policies to infiltrate Google Play.
They misuse permissions, such as accessing call logs and contact lists, for extortion. The apps violate Google’s Financial Services policy by imposing arbitrary loan tenures and threatening users. To defend against SpyLoan, users are advised to rely on reputable financial institutions, scrutinize app permissions, and read Google Play user reviews for potential fraud indicators. ESET reported an increased SpyLoan detection in 2023, with a global impact, especially in Mexico, India, and Thailand. The apps, though complying with privacy policies, go beyond necessary data collection for financial services, aiming to spy, harass, and blackmail users and their contacts. Users are urged to exercise caution and prioritize established financial institutions for security.