SpyLoan Scams Target Android Users With Deceptive Apps

Security researchers have uncovered a surge in deceptive Android loan apps since the beginning of 2023.
These applications, posing as legitimate personal loan services, attract users with promises of quick and easy access to funds.
Their true intent is to defraud users by offering high-interest-rate loans and collecting personal and financial information for potential blackmail.
In an advisory published today, ESET malware researcher Lukas Stefanko, said these malicious loan apps request sensitive user information, exfiltrating it to attackers' servers.
Subsequently, this data is used for harassment and blackmail, even if a loan was not granted.
The firm's telemetry data shows a significant spike in SpyLoan app instances on unofficial app stores, Google Play and various websites since the beginning of the year, with detections soaring by nearly 90% from H2 2022 to H1 2023.
ESET, a member of the App Defense Alliance and active participant in a malware mitigation program with Google, said it has identified and reported 18 SpyLoan apps to Google, resulting in the removal of 17 apps from Google Play.
The research emphasized that despite the source, each instance of a SpyLoan app behaves identically due to the same underlying code.
The findings underscore the exploitation of users seeking financial assistance online and emphasize the importance of caution and validation when using financial apps.
The research further recommends that users stick to official sources, use security apps, scrutinize user reviews, examine privacy policies and take preventive actions in case of victimization.


This Cyber News was published on www.infosecurity-magazine.com. Publication date: Tue, 05 Dec 2023 16:45:25 +0000


Cyber News related to SpyLoan Scams Target Android Users With Deceptive Apps

SpyLoan Android malware on Google Play downloaded 12 million times - More than a dozen malicious loan apps, which are generically named SpyLoan, have been downloaded more than 12 million times this year from Google Play but the count is much larger since they are also available on third-party stores and suspicious ...
10 months ago Bleepingcomputer.com
SpyLoan Scams Target Android Users With Deceptive Apps - Security researchers have uncovered a surge in deceptive Android loan apps since the beginning of 2023. These applications, posing as legitimate personal loan services, attract users with promises of quick and easy access to funds. Their true intent ...
10 months ago Infosecurity-magazine.com
Addressing Deceptive AI: OpenAI Rival Anthropic Uncovers Difficulties in Correction - There is a possibility that artificial intelligence models can be trained to deceive. According to a new research led by Google-backed AI startup Anthropic, if a model exhibits deceptive behaviour, standard techniques cannot remove the deception and ...
8 months ago Cysecurity.news
Unravelling Retirement Banking Scams and How To Protect Yourself - In the labyrinth of financial scams, one of the most insidious is the retirement banking scam. According to the FBI, in 2020 alone, financial scams targeting seniors netted more than $1 billion. It's a quiet crisis that we need to address, and ...
8 months ago Hackread.com
Business Email Compromise Scams: Prevention and Response - We will also highlight red flags to watch out for in suspicious emails, emphasizing the importance of implementing robust email authentication methods and comprehensive employee training programs to enhance awareness and response capabilities. BEC ...
8 months ago Securityzap.com
ChatGPT Clone Apps Collecting Personal Data on iOS, Play Store - On Android devices, one of the apps analyzed by researchers has more than 100,000 downloads, tracks, and shares location data with ByteDance and Amazon, etc. ChatGPT, the AI software, has already taken the Internet by storm, and that is why ...
1 year ago Hackread.com
Data Insecurity: Experts Sound the Alarm on 4 Apps Putting User Privacy at Risk - Even though many of us rely on apps to entertain us, guide us, manage our exercise, and connect with family and friends, they are notoriously hard to trust. In an age when technology is constantly evolving, it is almost impossible to tell if a ...
9 months ago Cysecurity.news
How Criminals Are Leveraging AI to Create Convincing Scams - Cybercriminals create far more sophisticated scams with generative AI than traditional phishing scams. According to Visa research, scammers are fooling even the savviest internet users by launching pig butchering, inheritance, humanitarian relief ...
4 months ago Tripwire.com
Google Online Security Blog: I/O 2024: What's new in Android security and privacy - As their tactics evolve in sophistication and scale, we continually adapt and enhance our advanced security features and AI-powered protections to help keep Android users safe. Today, we're announcing more new fraud and scam protection features ...
4 months ago Security.googleblog.com
Best of 2023: Why is everyone getting hacked on Facebook? - Importantly, phishing relies on the victim trusting the scammer and taking an action - like clicking a link or sending bank account information - in order for the scammer to get what they want. It's not your imagination - social media scams really ...
9 months ago Securityboulevard.com
More Android apps riddled with malware spotted on Google Play - An Android remote access trojan known as VajraSpy was found in 12 malicious applications, six of which were available on Google Play from April 1, 2021, through September 10, 2023. The malicious apps, which have now been removed from Google Play but ...
8 months ago Bleepingcomputer.com
Crypto scam apps infiltrate Apple App Store and Google Play - Operators of high-yielding investment scams known as "Pig butchering" have found a way to bypass the defenses in Google Play and Apple's App Store, the official repositories for Android and iOS apps. Pig butchering scams have been happening for a few ...
1 year ago Bleepingcomputer.com
UK to block all Social Media Scams - Starting May 2024, residents of the United Kingdom can breathe a sigh of relief, as social media platforms operating in the country have collectively committed to combating a range of scams on their respective networks. This includes everything from ...
10 months ago Cybersecurity-insiders.com
Netcraft Report Surfaces Spike in Online Healthcare Product Scams - A report published today by Netcraft, a provider of cybersecurity services, finds the volume of online scams relating to healthcare that are emanating from inexpensive top-level domains is spiking-accounting for as much as 60% of daily domain ...
8 months ago Securityboulevard.com
Halting Hackers on the Holidays 2023 Part II: The Apps You Trust - Most free flashlight apps are creepware - also known as malware that spies on you and your online behavior and could pass along information to others. The problem doesn't begin and end with flashlight apps, though. Many seemingly innocuous apps that ...
9 months ago Cyberdefensemagazine.com
Investment Scams Grow, 13,000 Domains Detected in January 2024 - Internet security experts have detected and blocked nearly 13,000 fake investment platform domains across more than 7000 IPs in January 2024, a 25% increase from December 2023. The figure comes amid growing concerns over the escalating threat of ...
6 months ago Infosecurity-magazine.com
Android App Security Alert: Proactive Measures to Prevent Unauthorized Control - The latest security alert comes from Microsoft's team who discovered a new vulnerability that may give hackers complete control of your smartphone. The latest security alert is triggered by the discovery of a new security flaw which can allow hackers ...
5 months ago Cysecurity.news
Romance Scammers are Adopting Approval Phishing Tactics - Romance scams are labor-intensive and time-consuming schemes to run. They can be lucrative, pulling in millions in stolen cryptocurrency, but they also can end up going nowhere if the targeted victim becomes suspicious or the bad actor decides there ...
9 months ago Securityboulevard.com
What Is Android System WebView and Should You Uninstall It? | Definition from TechTarget - Android developers use WebView when they want to display webpages or Hypertext Markup Language content in a Google app or other application. Android System WebView is a system component for the Android operating system (OS) that enables Android apps ...
1 week ago Techtarget.com
PixPirate: New Android Banking Trojan Targeting Brazilian Financial Institutions - A new Android banking trojan has set its eyes on Brazilian financial institutions to commit fraud by leveraging the PIX payments platform. Italian cybersecurity company Cleafy, which discovered the malware between the end of 2022 and the beginning of ...
1 year ago Thehackernews.com
Android 15, Google Play get new anti-malware and anti-fraud features - Today, Google announced new security features coming to Android 15 and Google Play that will help block scams, fraud, and malware apps on users' devices. Announced at Google I/O 2024, the new features are designed not only to help end users but also ...
4 months ago Bleepingcomputer.com
Facebook Marketplace Is Being Ruined by Zelle Scammers - Some scams encourage people to upgrade their Zelle accounts to a business tier to receive money from a buyer, according to the Better Business Bureau, and come from emails mimicking Zelle, but with different domains. That upgrade appears to cost ...
9 months ago Wired.com
Fraudsters Successfully Inserted Cryptocurrency Programs into Apple and Google's App Stores - Scammers were able to get two malicious apps onto the app stores of both Google and Apple, allowing them to trick users into investing in fake cryptocurrency. According to a report from Sophos, the apps, Ace Pro and MBM BitScan, were found on both ...
1 year ago Therecord.media
US detains suspects behind $80 million 'pig butchering' scheme - The U.S. Department of Justice charged four suspects for their alleged involvement in a pig butchering fraud scheme that resulted in more than $80 million in victim losses. A seven-count indictment on Wednesday linked four suspects, Lu Zhang, Justin ...
9 months ago Bleepingcomputer.com
Snowblind malware abuses Android security feature to bypass security - A novel Android attack vector from a piece of malware tracked as Snowblind is abusing a security feature to bypass existing anti-tampering protections in apps that handle sensitive user data. Snowblind's goal is to repackage a target app to make them ...
3 months ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)