12M Android Users’ Data Stolen by Loan Applications

ESET Warns About Dangers of Fraudulent Android Loan Apps

ESET, a cybersecurity company, has issued a warning about the increasing prevalence of fraudulent lending applications on Android. These apps have been actively spreading since the beginning of 2023 and present themselves as legitimate loan services, promising quick and easy access to funds. However, their true intention is to deceive users by offering loans at high interest rates and collecting personal and financial data for blackmail and fund removal.

One such app identified by ESET is called SPYLOAN. As the name suggests, it reflects the espionage nature of these applications combined with loan proposals. These spyloan apps request various confidential information from users and transmit it to the attackers’ servers, which is then used for user pressure and blackmail, even if the loan was not provided.

Unofficial app stores, Google Play, and websites have witnessed a noticeable surge in the number of these fraudulent loan apps in the beginning of 2023. The main target audience for these apps seems to be potential borrowers in Southeast Asia, Africa, and Latin America.

As a partner of the Google App Defense Alliance, ESET has identified 18 spyloan apps and reported them to Google, resulting in the removal of 17 of them from the platform. However, prior to their removal, these apps were downloaded more than 12 million times on Google Play.

Users who have installed spyloan apps are subjected to threats and blackmail from the operators, even if they didn’t apply for a loan or their application was rejected. Reviews on Facebook and Google Play reveal disturbing cases of pressure and threats, including life threats. In addition to collecting data and engaging in blackmail, these malicious apps charge excessive interest rates on loans, which goes against the regulations protecting borrowers from such practices, especially in religious contexts.

To protect oneself from fraudulent loan apps, it is recommended to download programs only from official sources and use a reliable security application for Android that can help identify potentially malicious apps. It is also important to carefully read user reviews and the application’s privacy policy before installing them.

/Reports, release notes, official announcements.