McAfee has uncovered 15 malicious “SpyLoan” apps on Google Play, collectively downloaded over 8 million times.

These apps primarily target users in South America, Southeast Asia, and Africa, and have since been removed from the Play Store. However, their presence highlights the persistence of threat actors, even as law enforcement and platform policies aim to curb such threats.

The apps operate under the guise of financial tools offering quick loans. After users install them, they are validated via one-time passwords to confirm their location. They are then required to submit sensitive personal information, such as ID documents, banking details, and employment records. Exploiting permissions granted during installation, these apps collect extensive data, including contacts, SMS messages, call logs, and location data, which are later used for harassment and extortion.

Buy Me a Coffee

Once users accept a loan, they are subjected to high interest rates and constant harassment, with operators often contacting family members to pressure repayment.

Apps with Millions of Downloads

McAfee’s investigation revealed the following SpyLoan apps, with each amassing hundreds of thousands to over a million downloads:

  • Préstamo Seguro-Rápido, Seguro (1M downloads, Mexico)
  • Préstamo Rápido-Credit Easy (1M downloads, Colombia)
  • ได้บาทง่ายๆ-สินเชื่อด่วน (1M downloads, Senegal)
  • RupiahKilat-Dana Cair (1M downloads, Senegal)
  • ยืมอย่างมีความสุข – เงินกู้ (1M downloads, Thailand)
  • เงินมีความสุข – สินเชื่อด่วน (1M downloads, Thailand)
  • KreditKu-Uang Online (500K downloads, Indonesia)
  • Dana Kilat-Pinjaman kecil (500K downloads, Indonesia)

To stay safe, users are advised to read reviews, verify app developers, limit permissions, and ensure Google Play Protect is active. This discovery underscores the need for increased vigilance when downloading financial apps.

READ
RomCom Cybercrime Group Exploits Zero-Day Chain to Target Firefox and Tor Users