ESET: Malicious loan apps for Android multiplied in 2023

ESET, a leading company in proactive threat detection, analyzed this year's growth in malicious apps that collect and exfiltrate victims' confidential data.

“It is important to note that each instance of a SpyLoan application, regardless of its origin, behaves identically. If users download an app, they will experience the same features and face the same risks, regardless of where they got the app from. It does not matter if the download comes from a suspicious website, from a third-party application store or even from Google Play: the behavior of the application will be the same in all cases,” explains Camilo Gutiérrez Amaya, Head of the Research Laboratory at ESET Latin America.

Since early 2023, researchers at ESET, a leading proactive threat detection company, have observed an alarming growth in deceptive Android applications that present themselves as legitimate personal loan services, promising quick and easy access to funds. These services are actually designed to scam users by offering them loans with high interest rates backed with misleading descriptions, while collecting their victims’ personal and financial information to blackmail them and ultimately obtain their funds.

ESET products recognize these applications using the detection name SpyLoan, which refers directly to their spyware functionality combined with loan claims.

Such apps were previously available on Google Play but are currently marketed through social media and SMS messages, and can be downloaded from scam websites and third-party app stores. As a partner of the Google App Defense Alliance, ESET identified and reported to Google 18 SpyLoan applications that had more than 12 million downloads on Google Play; 17 of them were subsequently removed. The last app identified by ESET is still available on Google Play, but since its developers changed its permissions and functionality, it is no longer detected as a SpyLoan app.

According to ESET telemetry, the operators of these apps are active mainly in Mexico, Indonesia, Thailand, Vietnam, India, Pakistan, Colombia, Peru, Chile, Philippines, Egypt, Kenya, Nigeria and Singapore. All of these countries have various laws that regulate private loans, covering not only the types of loans but also the transparency of how they are communicated. Any detection outside these countries could be related to smartphones that have, for various reasons, access to a phone number registered in one of these countries.

How SpyLoan apps work

“There are several reasons for the rapid growth of SpyLoan applications. One of them is that their developers are inspired by successful FinTech services, which take advantage of technology to offer agile and easy-to-use financial services. FinTech applications and platforms are known for disrupting the traditional financial sector by offering convenience in terms of accessibility, allowing people, in a user-friendly manner, to perform various financial activities anytime, anywhere, using only their smartphones. On the contrary, the only thing that SpyLoan applications alter is trust in technology, financial institutions and similar entities,” says Gutiérrez Amaya, from ESET Latin America.

Once a user installs a SpyLoan app, they are asked to accept the terms of service and grant broad permissions to access sensitive data stored on the device. The app then requests user registration, which is typically done by verifying a one-time password sent via SMS to validate the victim’s phone number. These registration forms automatically select the country code, based on that of the victim’s phone number, ensuring that only people with phone numbers registered in the target country can create an account.

Once the phone number is verified, users gain access to the app's loan application feature. To complete this process, users are forced to provide a large amount of personal information, including address details, contact information, proof of income, bank account information, and even photos of the front and back of their identity documents and a selfie.

SpyLoan applications pose a significant threat by stealthily extracting a wide range of personal information from unsuspecting users and sending it to their command and control (C&C) servers. The data usually exfiltrated includes the list of accounts, call logs, calendar events, device information, lists of installed applications, local Wi-Fi network information, and even information about the files on the device. Contact lists, location data and SMS messages are also vulnerable.

Legit vs. Malicious Loan Apps: How to Tell Them Apart

ESET shares a series of recommendations that users can use to protect themselves:

Go to official sources: Android users should avoid installing lending apps from unofficial sources and third-party app stores, and stick to trusted platforms like Google Play, which apply app review processes and security measures. Although this does not guarantee complete protection, it does reduce the risk of encountering fraudulent loan applications.

Use a security app: A reliable security app for Android protects the user from malicious lending apps and malware. Security apps provide an additional layer of protection by scanning and identifying potentially harmful apps, detecting malware, and warning users about suspicious activity.

Scrutinize reviews: When downloading apps from Google Play, it is important to pay close attention to user reviews and to be aware that positive reviews may be fake. Borrowers should focus on negative reviews and carefully evaluate concerns raised by users, as they can reveal important information such as extortion tactics and the actual cost charged by the loan provider.

Privacy Policy and Data Access Review: Before installing a loan app, users should read its privacy policy, if available. This document often contains valuable information about how the application accesses and stores sensitive information. However, scammers can use misleading clauses or vague language to trick users into granting unnecessary permissions or sharing personal data. During installation, it is important to pay attention to the data to which the application requests access and ask whether the requested data is necessary for the functionality of the loan application.
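The data-access review recommended above can be made concrete for analysts who have an app's manifest in hand. The following is an added example, not code from ESET or from the original article: it reads a decoded AndroidManifest.xml and reports which of the data categories listed in the article the app asks to access. The grouping of Android permissions into those categories, the sample manifest and the package name com.example.quickloan are assumptions made for illustration, and the manifest is assumed to be already decoded to text XML (inside an APK it is stored in binary form).

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Android permissions grouped by the data categories the article says SpyLoan
# apps collect. The grouping is this example's assumption, not ESET's logic.
CATEGORY_PERMISSIONS = {
    "accounts": {"GET_ACCOUNTS"},
    "call logs": {"READ_CALL_LOG"},
    "calendar events": {"READ_CALENDAR"},
    "contact lists": {"READ_CONTACTS"},
    "location data": {"ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION"},
    "SMS messages": {"READ_SMS", "RECEIVE_SMS"},
    "Wi-Fi network information": {"ACCESS_WIFI_STATE"},
    "installed applications": {"QUERY_ALL_PACKAGES"},
    "files on the device": {"READ_EXTERNAL_STORAGE", "MANAGE_EXTERNAL_STORAGE"},
}

def requested_permissions(manifest_xml):
    """Return short permission names declared in a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name", "")
            if name.startswith("android.permission."):
                names.add(name.rsplit(".", 1)[1])
    return names

def audit(manifest_xml):
    """Map requested permissions to the article's data categories."""
    perms = requested_permissions(manifest_xml)
    return {cat: sorted(perms & wanted)
            for cat, wanted in CATEGORY_PERMISSIONS.items() if perms & wanted}

# Constructed sample manifest for a hypothetical loan app (not a real package).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.quickloan">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission-sdk-23 android:name="android.permission.READ_CALENDAR"/>
</manifest>"""

if __name__ == "__main__":
    for category, perms in audit(SAMPLE_MANIFEST).items():
        print(f"{category}: {', '.join(perms)}")
```

A loan app has little functional need for call logs, SMS content or calendar events, so each category this report returns is a question to put to the app's privacy policy before installing.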

To learn more about computer security, we invite you to visit the ESET news site: https://www.welivesecurity.com/es/investigaciones/app-prestamos-espian-usuarios-android/.

Conexión Segura, your podcast with timely verified information about computer security in the world, can be heard at: https://open.spotify.com/show/0Q32tisjNy7eCYwUNHphcw.

With information and image provided by ESET and Comstat Rowland Comunicaciones Estratégicas Integrales
