Blog | News | 30th Nov 2024
Author: Samir Yawar

SpyLoan Malware Apps Resurface on Google Play with 8 Million Downloads


A new wave of 15 SpyLoan malware apps has been discovered on Google Play, collectively amassing over 8 million downloads. These malicious apps primarily target users in South America, Southeast Asia, and Africa, exploiting victims under the guise of providing fast-track loan approvals.

SpyLoan Malware - Discovery and Removal

The malicious apps were uncovered by McAfee, a member of the App Defense Alliance, which collaborates to identify and remove harmful apps from the Google Play Store. While these apps have now been removed, their presence highlights the persistence of threat actors.

Despite previous law enforcement crackdowns, including a significant removal of over a dozen SpyLoan apps in December 2023 (which had amassed 12 million downloads), SpyLoan operators continue to evade detection and exploit unsuspecting users.

How SpyLoan Malware Apps Operate

Deceptive Loan Offers

SpyLoan apps pose as financial tools offering quick loans with minimal requirements. Users are lured by false promises but face severe consequences once they engage.

[Figure: A look at malware apps on Google Play | Source: McAfee]

  1. Data Collection

    • After installation, the apps validate users with a one-time password (OTP) to ensure they are located in the target region.

    • Users are then asked to submit sensitive data, including identification documents, employee details, and bank account information.

  2. Device Exploitation

    • SpyLoan apps abuse device permissions to harvest extensive data such as:

      • Contact lists

      • SMS messages

      • Call logs

      • GPS location

      • Camera access

  3. Extortion and Harassment

    • Borrowers are bound to high-interest repayments.

    • Stolen data is used to harass and blackmail victims, often targeting their family members to apply additional pressure.

Widespread Impact: 8 Million Installs

McAfee's investigation revealed the scale of the operation, with the following apps being the most downloaded:

| App Name | Downloads | Primary Target |
|---|---|---|
| Préstamo Seguro-Rápido, Seguro | 1,000,000 | Mexico |
| Préstamo Rápido-Credit Easy | 1,000,000 | Colombia |
| ได้บาทง่ายๆ-สินเชื่อด่วน | 1,000,000 | Senegal |
| RupiahKilat-Dana cair | 1,000,000 | Senegal |
| ยืมอย่างมีความสุข – เงินกู้ | 1,000,000 | Thailand |
| เงินมีความสุข – สินเชื่อด่วน | 1,000,000 | Thailand |
| KreditKu-Uang Online | 500,000 | Indonesia |
| Dana Kilat-Pinjaman kecil | 500,000 | Indonesia |

Staying Safe from SpyLoan Apps

Although Google Play employs stringent app review policies, SpyLoan operators continue to find ways to bypass these safeguards. To minimize risk, users should:

  • Read User Reviews: Look for warning signs from other users before downloading apps.

  • Check Developer Reputation: Avoid apps from unknown or poorly rated developers.

  • Limit Permissions: Grant only necessary permissions when installing apps.

  • Enable Google Play Protect: Ensure this feature is active to detect potentially harmful apps.
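
An added example, not part of the original article or of McAfee's tooling: a Python check that maps the permissions declared in an app's decoded AndroidManifest.xml to the data categories listed under Device Exploitation, as a way to apply the Limit Permissions advice before installing or approving an app. It assumes the manifest has already been decoded to text XML; the sample manifest, the package name com.example.quickloan and the three-category threshold are constructed assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Data categories listed in the article, mapped to the Android permissions that gate them.
CATEGORY_PERMISSIONS = {
    "Contact lists": {"android.permission.READ_CONTACTS"},
    "SMS messages": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
    "Call logs": {"android.permission.READ_CALL_LOG"},
    "GPS location": {"android.permission.ACCESS_FINE_LOCATION",
                     "android.permission.ACCESS_COARSE_LOCATION"},
    "Camera access": {"android.permission.CAMERA"},
}

# Constructed sample manifest for a hypothetical loan app (not from any real APK).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.quickloan">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission-sdk-23 android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <application android:label="Quick Loan"/>
</manifest>"""


def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    tags = ("uses-permission", "uses-permission-sdk-23")
    names = {el.get(ANDROID_NS + "name") for tag in tags for el in root.iter(tag)}
    return names - {None}


def audit(manifest_xml, threshold=3):
    """Map requested permissions to the article's categories; flag broad requests.

    threshold is an assumed triage cut-off, not a value from the article.
    """
    perms = requested_permissions(manifest_xml)
    hits = {cat: sorted(perms & wanted)
            for cat, wanted in CATEGORY_PERMISSIONS.items() if perms & wanted}
    return {"categories": hits, "flagged": len(hits) >= threshold}


if __name__ == "__main__":
    report = audit(SAMPLE_MANIFEST)
    for category, perms in report["categories"].items():
        print(f"{category}: {', '.join(perms)}")
    print("Needs manual review:", report["flagged"])
```

A flag here only means the app asks for several of the data sources the article describes; it is a prompt for manual review, not a malware verdict.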

Conclusion

SpyLoan apps remain a persistent threat, especially in regions with high financial vulnerability. While platforms like Google Play strive to enhance security measures, users must remain vigilant to avoid falling victim to these malicious schemes.

Samir Yawar / Content Lead
Samir wants a world where people can instinctively whack online scams and feel accomplished without the need for psychic powers. As an ISC2 member, he is doing his bit to turn cybersecurity awareness training into a fun concept with simple, approachable and accessible content. Reach out to him at X @yawarsamir
Frequently Asked Questions
SpyLoan apps are malicious applications posing as financial tools that offer quick loans but exploit users by collecting sensitive data and engaging in extortion and harassment.
Over 8 million installs were identified across 15 apps targeting users in South America, Southeast Asia, and Africa.