Eset has coined the term "SpyLoan" for this brand of malware, which operates under the guise of providing legitimate lending services while exploiting victims for personal and financial information. Despite Google's efforts to eliminate such apps from the Play Store, the pace at which they're being removed is lagging behind the fraudsters' agility in promotion through social media and text messaging.
In just a matter of weeks, Eset identified 18 such apps, reporting them to Google. Although a majority have been removed, millions of users had already downloaded and installed them, amounting to over 12 million downloads in total. Regardless of the source—suspicious websites, third-party app stores, or even Google Play—SpyLoan applications perform identically due to a shared underlying code. Users encounter the same functions and face identical risks, irrespective of where they obtained the app.
The subterfuge doesn't end with data privacy violations; these cunning services engage in modern digital usury, charging excessive interest rates. In some instances, borrowers were coerced into repaying loans within five days instead of the advertised 91 days, with annual costs ranging between 160 and 340 percent. Once applicants provide their extensive personal information during the application process, this data is used by the fraudsters to exert pressure for premature repayment of the loan along with the inflated interest.
Victims have had detailed information extracted by the perpetrators, including lists of contacts, call logs, calendar entries, device information, and files saved on their mobiles. Telemetry data show that the most affected victims are in Mexico, Indonesia, Thailand, Vietnam, India, and Pakistan. So far, these fraudulent campaigns have not made their presence felt in Europe or overseas.
