SpyLoan Malware Apps Used to Blackmail, Extort Users Using Personal Data Detected on Play Store

Android smartphones are at risk from malicious loan apps that were downloaded several million times from the Google Play store, according to details shared by security researchers. As many as 18 apps identified as ‘SpyLoan’ malware were spotted on the store over the course of this year. These predatory lending apps are designed to collect vast amounts of information from a user’s device when they borrow money; this data is later used to blackmail and extort them into repaying the sum with high interest amounts.

ESET researchers have revealed details of the apps used by loan sharks to deceive users and the various methods used to bypass some of the restrictions put in place on the Play Store. The malware is typically designed with an attractive user interface and advertises easy and quick access to funds, with high-interest repayment terms. The apps reportedly target users living in Africa, Latin America, and Southeast Asia.

In addition to completing the required documentation and Know Your Customer (KYC) identification required to publish their apps on the Play Store, these SpyLoan apps are also designed to show (or link to) official-looking websites that contain fake information with details and photos of employees sourced from stock image websites.

While the loaned amount is disbursed to users, these predatory loan apps ask users to share different kinds of sensitive information by granting different permissions on their phone, including access to the camera, contacts, messages, and call-logs, images, Wi-Fi network details, calendar information and other personal information. These are then exfiltrated to the servers of the loan sharks.

Instead of providing users with enough time to repay the loaned amount, the SpyLoan apps reduce the repayment period to a few days, in clear violation of Google’s Financial Services policy that a loan tenure cannot be set for less than 60 days. One of the reviews left by users states that they had to repay 450 pesos (roughly Rs. 2,160) with an interest of 549 pesos (roughly Rs. 2,640), paying a total of 999 pesos (roughly Rs. 4,800).

Figure: SpyLoan apps attempting to access a user’s personal information (Photo credit: Screenshot/ESET)

In order to push users to repay the short term, high interest rate loans, the apps use the data exfiltrated from their phones to blackmail them into repaying the loaned amount with a high rate of interest.

ESET says that out of the 18 apps it previously disclosed to Google, the search giant removed 17 apps. The last app is still available on the app store as a new version of the app was published to the Play Store and it does not offer the same functionality or feature the same permissions.

The list of apps detected by ESET includes 4S Cash, AA Kredit, Amor Cash, Cartera grande, Cashwow, CrediBus, EasyCash, EasyCredit, Finupp Lending, FlashLoan, Go Crédito, GuayabaCash, Instantáneo Préstamo, Préstamos De Crédito-YumiCash, PréstamosCrédito, Rápido Crédito, TrueNaira.

While these apps have been removed from the Play Store, they will remain on the devices of users who have these apps installed until they manually remove them. If you have any of these apps installed on your smartphone, you should uninstall them right away.



Daam Virus That Steals Call Logs, History and Accesses Cameras Spreading on Android Phones, CERT-in Warns

An Android malware called ‘Daam’ that infects mobile phones and hacks into sensitive data like call records, contacts, history and camera has been found to be spreading, the national cyber security agency has said in its latest advisory.

The virus is also capable of “bypassing anti-virus programs and deploying ransomware on the targeted devices”, the Indian Computer Emergency Response Team or CERT-In said.

The agency is the federal technology arm to combat cyber attacks and guard the cyber space against phishing and hacking assaults and similar online attacks.

The Android botnet gets distributed through third-party websites or applications downloaded from untrusted/unknown sources, the agency said.

“Once it is placed in the device, the malware tries to bypass the security check of the device and after a successful attempt, it attempts to steal sensitive data, and permissions such as reading history and bookmarks, killing background processing, and reading call logs etc,” the advisory said.

‘Daam’ is also capable of hacking phone call recordings, contacts, gaining access to camera, modifying device passwords, capturing screenshots, stealing SMSes, downloading/uploading files, etc. and transmitting to the C2 (command-and-control) server from the victim’s (affected persons) device, the advisory said.

The malware, it said, utilises the AES (advanced encryption standard) algorithm to encrypt files on the victim’s device.

Other files are then deleted from the local storage, leaving only the encrypted files with the “.enc” extension and a ransom note named “readme_now.txt”, the advisory said.

The central agency suggested a number of do’s and don’ts to avoid getting attacked by such viruses and malware.

CERT-In advised against browsing “un-trusted websites” or clicking on “un-trusted links”. Caution should be exercised while clicking on any link provided in unsolicited emails and SMSes, it said. Install and maintain updated anti-virus and anti-spyware software, it suggested.

It also suggested that users should be on the lookout for “suspicious numbers” that don’t look like “real mobile phone numbers” as scammers often mask their identity by using email-to-text services to avoid revealing their actual phone number.

“Genuine SMS messages received from banks usually contain sender ID (consisting of bank’s short name) instead of a phone number in the sender information field,” it said.

It also asked users to exercise caution towards shortened URLs (uniform resource locators), such as those involving ‘bitly’ and ‘tinyurl’ hyperlinks like “http://bit.ly/”, “nbit.ly” and “tinyurl.com/”.

Users are advised to hover their cursors over the shortened URLs to see the full website domain which they are visiting or use a URL checker that will allow the user to enter a short URL and view the full URL, the advisory suggested.
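The advisory's SMS warning signs (sender that is an email address or a plain phone number rather than a sender ID, and links through the shorteners it names) can be checked mechanically. The following is an added example, not code from CERT-In or the original article; the function names, reason strings and sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Shortener hosts quoted in the advisory text above.
SHORTENER_HOSTS = {"bit.ly", "nbit.ly", "tinyurl.com"}

# Loose URL matcher: optional scheme, dotted host, optional path.
URL_RE = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/[^\s\"'<>]*)?", re.I)
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
PHONE_RE = re.compile(r"^\+?\d{7,15}$")


def shortened_links(body):
    """Return links in an SMS body whose host is a known URL shortener."""
    hits = []
    for match in URL_RE.finditer(body):
        raw = match.group(0).rstrip(".,)")
        url = raw if "://" in raw else "http://" + raw
        host = (urlsplit(url).hostname or "").lower()
        if host.startswith("www."):
            host = host[4:]
        if host in SHORTENER_HOSTS:  # exact match, so "notbit.ly" is not flagged
            hits.append(raw)
    return hits


def triage(sender, body):
    """Return the advisory's warning signs that apply to one message."""
    reasons = []
    if EMAIL_RE.match(sender):
        reasons.append("sender:email-to-text")
    elif PHONE_RE.match(sender):
        reasons.append("sender:phone-number")
    reasons.extend("link:shortener:" + link for link in shortened_links(body))
    return reasons


# Constructed sample messages (sender, body); none are real.
SAMPLES = [
    ("alerts@mail.example", "Account blocked, verify at http://bit.ly/x1"),
    ("+919800000000", "Claim your reward: tinyurl.com/abc."),
    ("AX-EXBANK", "Your OTP is 123456. Do not share it."),
]

if __name__ == "__main__":
    for sender, body in SAMPLES:
        print(sender, triage(sender, body))
```

A flagged message is a prompt to expand the link with a URL checker before opening it; a shortener or a phone-number sender alone does not prove the message is malicious.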



Android Malware Infecting 60 Apps With Over 100 Million Downloads Discovered on Google Play Store: Details

A new Android malware has been discovered by a team of security researchers at McAfee. The malware, dubbed ‘Goldoson’, has infected 60 apps that have a total of over 100 million downloads on the Google Play Store. It can collect data on installed apps, Wi-Fi and Bluetooth-connected devices, and track location. Also, it can perform ad fraud by clicking ads in the background without the consent of users. Android users in South Korea are said to have been affected by the latest malware. Apps like Swipe Brick Breaker, Money Manager, and GOM Player have been affected by the malware.

Researchers at security software firm McAfee have identified the Android-based Goldoson malware. Once installed, it collects sensitive data including lists of applications installed, details about the devices paired through Wi-Fi and Bluetooth, and nearby GPS locations. McAfee also claims that the malware can perform ad fraud by clicking advertisements in the background without the user’s consent.

The infected apps on the Google Play Store have a total of over 100 million downloads. Applications from South Korea’s ONE store are also affected by the malware and they have been installed around 8 million times. These include L.POINT with L.PAY, Swipe Brick Breaker, and Money Manager Expense & Budget which have 10 million downloads on Android app stores.

GOM Player, Live Score, Real-Time Score, Pikicast, Compass 9: Smart Compass, GOM Audio, Lotte Word Magicpass, Bounce Brick Breaker, Infinite Slice, SomNote, Korea Subway Info: Metroid are some of the other apps impacted by Goldoson.

McAfee has also confirmed that the discovered apps were reported to Google, and the tech giant notified the developers that their apps were affected by the malware. Many of the affected apps were said to be cleaned up by the developers while some were removed from Google Play for violating the company’s app store policies.

Android users with any of these apps on their phones should update them to the latest version. Users are also advised to avoid installing any unknown or suspicious apps on their smartphones. They should also re-check app permissions to limit access of third parties to their device hardware.

