SpyLoan Malware Apps Used to Blackmail, Extort Users Using Personal Data Detected on Play Store

Android smartphones are at risk of malicious loan apps that were downloaded several million times from the Google Play store, according to details shared by security researchers. As many as 18 apps identified as ‘SpyLoan‘ malware were spotted on the store over the course of this year. These predatory lending apps are designed to collect vast amounts of information from a user’s device when they borrow money— these are later used to blackmail and extort them into repaying the sum with high interest amounts.

ESET researchers have revealed details of the apps used by loan sharks to deceive users and the various methods used to bypass some of the restrictions put in place on the Play Store. The malware is typically designed with attractive user interfaces and advertise easy and quick access to funds, with high-interest repayment terms. The apps reportedly target users living in Africa, Latin America, and Southeast Asia.

In addition to completing the required documentation and Know Your Customer (KYC) identification required to publish their apps on the Play Store, these SpyLoan apps are also designed to show (or link to) official-looking websites that contain fake information with details and photos of employees sourced from stock image websites.

While the loaned amount is disbursed to users, these predatory loan apps ask users to share different kinds of sensitive information by granting different permissions on their phone, including access to the camera, contacts, messages, and call-logs, images, Wi-Fi network details, calendar information and other personal information. These are then exfiltrated to the servers of the loan sharks.

Instead of providing users with enough time to repay the loaned amount, the SpyLoan apps will reduce the amount of time before a user can repay the amount to a few days — in clear violation of Google’s Financial Services policy that a loan tenure cannot be set for less than 60 days. One of the reviews left by users states that they had to repay 450 pesos (roughly Rs. 2,160) with an interest of 549 pesos (roughly Rs. 2,640) — paying a total of 999 pesos (roughly Rs. 4,800).

SpyLoan apps attempting to access a user’s personal information
Photo Credit: Screenshot/ ESET

In order to push users to repay the short term, high interest rate loans, the apps use the data exfiltrated from their phones to blackmail them into repaying the loaned amount with a high rate of interest.

ESET says that out of the 18 apps it previously disclosed to Google, the search giant removed 17 apps. The last app is still available on the app store as a new version of the app was published to the Play Store and it does not offer the same functionality or feature the same permissions.

The list of apps detected by ESET include 4S Cash, AA Kredit, Amor Cash, Cartera grande, Cashwow, CrediBus, EasyCash, EasyCredit, Finupp Lending, FlashLoan, Go Crédito, GuayabaCash, Instantáneo Préstamo, Préstamos De Crédito-YumiCash, PréstamosCrédito, Rápido Crédito, TrueNaira.

While these apps have been removed from the Play Store, they will remain on the devices of users who have these apps installed until they manually remove them. If you have any of these apps installed on your smartphone, you should uninstall them right away.