18 malicious mobile apps downloaded 12M times

Dec 11th – At least 18 malicious financial services apps have been downloaded from the Google Play store over 12 million times in the last year alone. These malicious apps steal personal data from devices, including device info, call logs, installed apps, calendar events, local Wi-Fi network details, metadata from images and more.

The cyber security community has dubbed this collection of apps “SpyLoan” apps, based on the fact that they promise quick and easy financial management assistance, largely in the form of personal loans.

However, the apps dupe users into accepting high-interest payments, after which the threat actor blackmails victims until they repay the money.

This app was downloaded from the Google Play store 5 million times. Image courtesy of BleepingComputer.com.

SpyLoan app development

These types of apps were first identified in 2020. Starting in 2023, however, they became fairly prevalent on both Android and iOS systems, according to cyber security researchers.

The apps have been found on phones in countries such as India, Mexico, Thailand, Indonesia, Nigeria, Egypt, Singapore, Colombia, Vietnam and Peru.

To land on the Google Play store, app creators ensured that the apps were compliant with required privacy policies, that they followed know your customer (KYC) standards, and that they had transparent permission requests.

High levels of risk

SpyLoan applications breach Google’s financial services policy by unilaterally reducing the duration of personal loans to a few days (or another arbitrary timeframe). Users are subjected to intimidation and risk of public humiliation if they refuse to comply.

Moreover, the details within the privacy policies are misleading, providing seemingly valid justifications for acquiring permissions that pose significant risks to users.

For example, the purported need for camera permissions to facilitate photo data uploads, and the required access to the user’s calendar for payment scheduling purposes, are false pretenses for highly invasive and ill-intended practices.
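A defender reviewing a loan app can compare its declared permissions against the data categories listed above. The following is an added example, not code from the researchers or from this article: it assumes the manifest has already been decoded to plain XML, and both the permission-to-category mapping and the review threshold of four categories are assumptions of the example.

```python
import xml.etree.ElementTree as ET  # for untrusted files, prefer defusedxml

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping from Android permission names to the data categories the
# article lists; the grouping is this example's, not the researchers'.
DATA_CATEGORY = {
    "android.permission.READ_CALL_LOG": "call logs",
    "android.permission.READ_CALENDAR": "calendar events",
    "android.permission.WRITE_CALENDAR": "calendar events",
    "android.permission.CAMERA": "camera",
    "android.permission.ACCESS_WIFI_STATE": "local Wi-Fi network details",
    "android.permission.QUERY_ALL_PACKAGES": "installed apps",
    "android.permission.READ_PHONE_STATE": "device info",
    "android.permission.READ_MEDIA_IMAGES": "image metadata",
    "android.permission.ACCESS_MEDIA_LOCATION": "image metadata",
}

def requested_permissions(manifest_xml):
    """Return the permission names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml.strip())
    return {
        el.get(ANDROID_NS + "name")
        for tag in ("uses-permission", "uses-permission-sdk-23")
        for el in root.iter(tag)
        if el.get(ANDROID_NS + "name")
    }

def audit(manifest_xml, min_categories=4):
    """Group requested permissions by data category; flag broad collection."""
    hits = {}
    for perm in sorted(requested_permissions(manifest_xml)):
        category = DATA_CATEGORY.get(perm)
        if category:
            hits.setdefault(category, []).append(perm)
    return {"categories": hits, "review": len(hits) >= min_categories}

# Constructed sample manifest (not taken from any real app).
SAMPLE = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_CALENDAR"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/>
  <uses-permission android:name="android.permission.ACCESS_WIFI_STATE"/>
</manifest>
"""
```

A `review` flag only marks the app for manual comparison of each permission against the purpose stated in its privacy policy; it is not a verdict that the app is malicious.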
