More than a dozen malicious loan apps, generically named SpyLoan, have been downloaded more than 12 million times this year from Google Play, but the count is much larger since they are also available on third-party stores and suspicious websites.
SpyLoan Android threats steal personal data from the device, including a list of all accounts, device info, call logs, installed apps, calendar events, local Wi-Fi network details, and metadata from images.
Researchers say that the risk also extends to contact lists, location data, and text messages.
Since the start of the year, cybersecurity company ESET, a member of the App Defense Alliance dedicated to detecting and eradicating malware from Google Play, has discovered 18 SpyLoan apps.
Google reacted to ESET's reporting and removed 17 of the malicious apps, while one of them is now available with a different set of permissions and functionality and is no longer detected as a SpyLoan threat.
SpyLoan apps were first seen in 2020, but starting last year they became more prevalent on both Android and iOS systems, according to ESET, Lookout, Zimperium, and Kaspersky.
ESET says the current distribution channels include fraudulent websites, software on third-party app stores, and Google Play.
To infiltrate Google Play, these apps are submitted with compliant privacy policies, follow the required know-your-customer (KYC) standards, and have transparent permission requests.
In many cases, the fraudulent apps link to websites that are blatant ripoffs of legitimate company sites, even showing employee and office photos to create a false sense of authenticity.
SpyLoan apps violate Google's Financial Services policy by unilaterally shortening the tenure for personal loans to a few days or any other arbitrary period and threatening the user with ridicule and exposure if they don't comply.
The privacy policies are deceptive, presenting seemingly legitimate reasons to obtain risky permissions.
The camera permission is supposedly needed to upload photo data for KYC, and access to the user's calendar is supposedly needed to schedule payment dates and reminders, but those are extremely intrusive practices.
SpyLoan apps request permissions that shouldn't be needed at all, like access to call logs and contact lists, which they use for extorting users when they resist absurd payment demands.
To defend against the SpyLoan threat, only trust established financial institutions, carefully review the requested permissions upon installing a new app, and read user reviews on Google Play, which often contain clues about the fraudulent nature of the app.
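The permission review recommended above can also be done against a decoded AndroidManifest.xml (for example, one unpacked with apktool). The following is an added example, not code from the article or from ESET; the mapping of Android permissions to the article's data categories, the group names, and the sample manifest are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Assumed mapping (not from the article) of Android permissions to the data
# categories the article lists, grouped by how the article treats them.
GROUPS = {
    "no_lending_need": {  # "shouldn't be needed at all"
        P + "READ_CALL_LOG": "call logs",
        P + "READ_CONTACTS": "contact list",
    },
    "intrusive_with_pretext": {  # justified in the policy as KYC / reminders
        P + "CAMERA": "camera",
        P + "READ_CALENDAR": "calendar events",
    },
    "other_collected_data": {
        P + "GET_ACCOUNTS": "list of accounts",
        P + "READ_SMS": "text messages",
        P + "ACCESS_FINE_LOCATION": "location",
        P + "ACCESS_WIFI_STATE": "Wi-Fi network details",
        P + "QUERY_ALL_PACKAGES": "installed apps",
        P + "ACCESS_MEDIA_LOCATION": "image metadata",
    },
}

def audit_manifest(manifest_xml):
    """Return {group: sorted data categories} for a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    requested = {
        el.get(ANDROID_NS + "name")
        for tag in ("uses-permission", "uses-permission-sdk-23")
        for el in root.iter(tag)
    }
    return {
        group: sorted({label for perm, label in perms.items() if perm in requested})
        for group, perms in GROUPS.items()
    }

# Constructed sample manifest for a hypothetical loan app (not a real sample).
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.loanapp">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission-sdk-23 android:name="android.permission.ACCESS_FINE_LOCATION"/>
</manifest>"""

print(audit_manifest(SAMPLE))
```

Any entry under `no_lending_need` corresponds to the call-log and contact access the article says a loan app should not need at all.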
This Cyber News was published on www.bleepingcomputer.com. Publication date: Tue, 05 Dec 2023 14:30:14 +0000