A surge in deceptive loan apps, bearing the seemingly innocuous name SpyLoan, has struck over 12 million Android users in 2023 through Google Play alone. The actual figure is likely higher, considering their presence on third-party stores and dubious websites.
SpyLoan Android Malware is Hiding on Google Play
Google PlayStore has many apps that users can download, but be careful before you install one since SpyLoan lives deep within the platform. This dangerous malware can access your personal account secretly.
According to Bleeping Computer, the SpyLoan Android threat operates under the guise of legitimate financial services, promising swift access to funds. However, it conceals a sinister agenda-pillaging personal data.
Victims unknowingly surrender sensitive information, including account details, device specifics, call logs, installed apps, calendar events, Wi-Fi network particulars, and image metadata. The risk spectrum extends to contacts, location data, and text messages.
"While these SpyLoan apps technically comply with the requirements of having a privacy policy, their practices clearly go beyond the scope of data collection necessary for providing financial services and complying with the KYC banking standards. We believe the real purpose of these permissions is to spy on the users of these apps and harass and blackmail them and their contacts," ESET explains.
Related Article: Google Swiftly Resolves Chrome Zero-Day Exploitation by Spyware Vendor
ESET Saw 18 SpyLoan Apps
ESET, a cybersecurity company, discovered 18 SpyLoan apps since the year began. Google, upon ESET's alert, eradicated 17 malicious apps. One app, cunningly altering permissions and functionality, now eludes SpyLoan detection.
SpyLoan surfaced in 2020 but gained prominence last year, infiltrating both Android and iOS. ESET's data reveals a rising SpyLoan detection trend in 2023, with Mexico, India, Thailand, Indonesia, Nigeria, the Philippines, Egypt, Vietnam, Singapore, Kenya, Colombia, and Peru witnessing higher risks.
Tricks of the Trade
To penetrate Google Play, SpyLoan apps adopt compliant privacy policies and adhere to Know Your Customer (KYC) standards. Requests for permissions seem innocuous, linking users to counterfeit company sites, complete with fake employee and office photos.
SpyLoan breaches Google's Financial Services policy by arbitrarily shortening loan tenures and resorting to intimidation tactics. Privacy policies mask true intentions, justifying intrusive permissions like accessing call logs and contact lists for extortion purposes.
Guarding Against SpyLoan Threats
To shield against SpyLoan, exercise caution and trust established financial institutions. Scrutinize app permissions meticulously during installation and peruse user reviews on Google Play for potential red flags exposing fraudulent nature. Vigilance remains the key to safeguarding personal data in the face of evolving cyber threats.
In July, the US blacklisted two spyware firms which are said to be under the control of a former Israeli general.
According to the reports, the Commerce Department banned the companies because they believed that they were threats to the national security and privacy of the country.
One of the blacklisted spyware giant is the NSO Group, a notorious group of hackers behind the infamous Pegasus spyware.
Pegasus is considered to be a mercenary spyware which is used to victimize government personnel. Aside from that, it even targeted organizations, politicians, activists, and even journalists from various publications.
Elsewhere, a Tech Times report says that foreign governments are using "push notification spying" to spy over users. For other officials, this is an area of concern involving the intrusive data-gathering practice from Apple and Google.
Read Also: Hackers Target Nissan's Systems in Australia New Zealand in the Latest Cyberattack
