An Android malware app called SpyLend has been downloaded over 100,000 times from Google Play, where it masqueraded as a financial tool but became a predatory loan app for those in India.
The app falls under a group of malicious Android applications called "SpyLoan," which pretend to be legitimate financial tools or loan services but instead steal data from devices for use in predatory lending.
These apps lure users with promises of quick and easy loans, often requiring little documentation and offering attractive terms. However, upon installation, they request excessive permissions, allowing the apps to steal personal data such as contacts, call logs, SMS messages, photos, and device location.
This harvested information is then exploited to harass, extort, and blackmail users, especially if they fail to meet the app's repayment terms.
Loan scams and extortion
Cybersecurity firm CYFIRMA has discovered an Android app named "Finance Simplified" that claims to be a financial management application and has amassed 100,000 downloads on Google Play.
However, CYFIRMA states that the app displays more malicious behavior in certain countries, like India, where it steals data from user's devices to be used in predatory lending. The researchers say they also discovered additional malicious APKs that appear to be variants of the same malware campaign, namely KreditApple, PokketMe, and StashFur.
Although the app has now been removed from Google Play, it may continue to run in the background, collecting sensitive information from infected devices.
Malicious app on Google Play
Source: BleepingComputer
... continue reading