Cybersecurity researchers at Cyfirma have uncovered a concerning trend in India, where hackers are exploiting the rising demand for digital financial services by using fake loan applications to target Android users. These malicious apps, designed to entice users with instant credit offers, go beyond stealing personal and financial information, extending to identity theft and financial fraud. The large user base in India, coupled with a growing reliance on mobile-based financial transactions, makes individuals susceptible to such fraudulent schemes. The researchers specifically found that hackers from Pakistan are actively involved in targeting Indian Android users through these deceptive loan applications.
The malicious Android packages discovered by Cyfirma’s team lure users into taking out fake loans, tricking them with promises of instant credit while stealthily extracting personal information. The threat actors behind these fake loan apps use manipulative tactics, including extorting money from users and threatening to share manipulated nude images. The apps exploit minimal permissions, such as accessing contacts, call logs, and the camera, for extortion purposes. The low obfuscation techniques employed by these apps help them evade detection by many antivirus programs, posing a serious threat to non-tech-savvy individuals who may unknowingly become victims of financial exploitation.
Cyfirma’s investigation revealed that the malicious app operates as an instant loan application, but its real intention is to exploit KYC details for money extortion. The cybersecurity team identified major permissions exploited by the app, including reading call logs and fetching contacts. Social engineering techniques were employed to uncover Pakistan-based threat actors connected to India through Instagram, WhatsApp chats, and UPI payment methods. The collaboration among these threat actors suggests fund redirection, and the post-compromise extortion trend poses significant challenges for individuals who may succumb to financial threats, driven by fear and manipulation through fake loan apps.