An Android malware app called SpyLend has been downloaded over 100,000 times from Google Play, where it masqueraded as a financial tool but became a predatory loan app for those in India. The app falls under a group of malicious Android applications called "SpyLoan," which pretend to be legitimate financial tools or loan services but instead steal data from devices for use in predatory lending. To evade detection on Google Play, Finance Simplified loads a WebView to redirect users to an external website from where they download a loan app APK hosted on an Amazon EC2 server. "The Finance Simplified app appears to target Indian users specifically by displaying and recommending loan applications, loading a WebView that shows a loan service that redirects to an external website where a separate loan APK file is downloaded," explains CYFIRMA. Cybersecurity firm CYFIRMA has discovered an Android app named "Finance Simplified" that claims to be a financial management application and has amassed 100,000 downloads on Google Play. Multiple user reviews for Finance Simplified on Google Play show that the app offers lending services that attempt to extort borrowers if they don't pay high interest rates. Google's Play Protect tool detects and blocks known malware and predatory apps, so ensure it's active on your device. However, CYFIRMA states that the app displays more malicious behavior in certain countries, like India, where it steals data from user's devices to be used in predatory lending. The more worrying aspect of the malware's activity is the data collection, which includes sensitive personal information stored on the user's device. However, upon installation, they request excessive permissions, allowing the apps to steal personal data such as contacts, call logs, SMS messages, photos, and device location. Bill Toulas Bill Toulas is a tech writer and infosec news reporter with over a decade of experience working on various online publications, covering open-source, Linux, malware, data breach incidents, and hacks. Although the app has now been removed from Google Play, it may continue to run in the background, collecting sensitive information from infected devices. Although that data is primarily used for extorting the victims who made the mistake of applying for a loan, it may also be used for financial fraud or resold to cybercriminals for profit. "Very very very bad app they given low loan amount nd black mail to pay High otherwise photoes edited as a nude nd black mailing," reads a user review for the now-pulled app.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Fri, 21 Feb 2025 18:50:17 +0000