January 20, 2025
  • ‘SpyLoans’, the new masquerading Android loan apps, are a grave risk to data security.
  • There has been a noticeable spike in these fraudulent apps in 2023, warns ESET.
  • Users primarily in Southeast Asian, African, and Latin American regions are prone to these apps.

Android users have had their fair share of challenges. Nowadays, the real issue is ‘SpyLoan’ apps that are frequently appearing in the app store.

Deceptive loan apps on Android platforms have seen a disturbing rise this year, reveals an investigation by the ESET researchers. These phony apps, posing as legitimate loan services, promise instant cash. Still, they are in reality crafted to trick users with high-rate loans under false pretexts, while siphoning off personal and financial data for blackmailing. The apps, called SpyLoans due to their nature as spyware and loan offers, are mainly spread through social media, text messages, bogus websites, third-party app stores, and even Google Play.

Fake Loan Apps on the Rise in Android, Cautions ESET

ESET found 18 SpyLoan apps and reported them to Google. Consequently, Google Play removed 17 of these apps. These apps had over 12 million downloads before being taken off. One app changed its function, leading ESET to no longer consider it a SpyLoan app.

Regardless of the source of download, all SpyLoan apps exhibit identical behaviours due to the common underlying code. Targeted users are therefore exposed to the same risks and features.

The strategies undertaken by these perpetrators are confined to mobile apps as they provide broader access to sensitive data than web browsers, hence aiding their blackmail operations. Mostly active in countries such as Mexico, Indonesia, Thailand, Vietnam, India, Pakistan, Colombia, Peru, the Philippines, Egypt, Kenya, Nigeria, and Singapore, these app operators even resort to extreme measures like death threats.

Additionally, these apps also engage in digital usury. The total annual cost of these loans is much higher than advertised, and the repayment periods are significantly shorter. Some victims were forced into paying off loans in just five days, with total annual costs ranging from 160% to 340%.

Vigilance Against Financial Scams, A Must

Lukáš Štefanko, an integral part of ESET’s investigative team, notes that these malicious apps take advantage of the trust users have in legitimate loan services. He further emphasizes the need for users being vigilant and verifying financial apps, to not fall prey to such scams.

ESET Research traced the origin of these SpyLoan apps to 2020. When a user installs these apps, they are immediately required to accept the terms of service and give broad permissions to access their sensitive data. If they do not grant these permissions, the loan will not be processed. The user would have to submit a great deal of personal information to proceed with the loan application.

In 2022, ESET highlighted to Google about over 20 malignant loan apps that had a combined downloads of over 9 million. Google subsequently removed them. Similarly, Lookout, a security firm, identified 251 dubious Android apps and 35 iOS apps that exhibited predatory behaviors. Both Google and Apple were informed and took necessary actions against these apps.

However, ESET’s telemetry data shows a surge in SpyLoan app detections from January 2023, mainly from unofficial third-party app stores and various websites.

Google has been taking measures to safeguard Android and Google Play users. Google’s 2022 security summary outlined some of these, which included new regulations for personal loan apps in various regions.

Scammers, however, continue to promote these phony apps through text messages and social media platforms, targeting individuals in need of money.

Cases of Impersonations in SpyLoan Apps

ESET has found another alarming element, impersonation, in some SpyLoan apps. Impersonation involves the misuse of names and branding of established, legitimate entities, thereby deceiving unsuspecting users.

The data drawn from the user’s device is extensive and includes their account list, call logs, calendar events, details about the device, installed apps, local Wi-Fi networks, and even file information. The stolen data is then encrypted and transmitted to the Command and Control server. ESET Research suggests that the primary intent behind the permissions asked by SpyLoan apps is to spy, and thereby harass and blackmail users.

Once such an app is installed, and personal data is harvested, the app operators start pressuring the victims into making payments, irrespective of whether they applied for a loan or got approved for one.

Štefanko notes that the rapid growth of SpyLoan apps attributes to the app developers drawing inspiration from successful Financial Technology services. The increasing threat of these fake apps, especially for users in the targeted regions, pinpoints the significance of vigilance and having a close watch at loan-related apps.

#### Topic Related FAQs:

##### What are SpyLoan Apps?
SpyLoan apps are fraudulent loan apps that pose as legitimate personal loan services. These apps trick users into accepting loans with high-interest rates and short repayment terms, while covertly harvesting their personal and financial data. This information is then used to stringent blackmail users, even extending to death threats. SpyLoan operators are mostly active in Southeast Asia, Africa, and Latin America.

##### What is the aim behind SpyLoan Apps?
SpyLoan apps exist primarily to dupe unsuspecting users, exploiting their trust in genuine loan providers. These apps implement sophisticated tactics to deceive users and extract a range of personal information. They then utilize this data to spy on, harass and blackmail them. Scammers also resort to excessive measures, such as death threats, to extract repayments.

##### How can I protect myself from SpyLoan Apps?
To avoid falling prey to SpyLoan apps, users should practice extreme caution and verify the authenticity of loan apps and services before using them. Users can rely on trustworthy sources and also stay informed about the latest scams in the market. When installing any financial apps, especially those dealing with loans, scrutiny of the app’s behavior, permissions requested, and the amount of sensitive data it seizes should be carefully evaluated. Additionally, users should be wary of any loans promising quick money or easy repayments, as these too often are scam strategies.