SINGAPORE, December 5, 2023 – ESET, a leader in cybersecurity research, has recently identified a disturbing trend in the digital loan sector. Their latest findings indicate a sharp rise in deceptive Android loan applications, known as SpyLoan apps, which pose as legitimate personal loan services. These apps, however, are designed to defraud users by offering loans with exorbitant interest rates and deceitful terms, while simultaneously harvesting personal and financial information for blackmail purposes.
ESET’s products have identified these apps under the detection name ‘SpyLoan’, reflecting their dual functionality as spyware and loan services. These apps have been widely marketed through social media, SMS messages, and are available on various platforms, including scam websites, third-party app stores, and even Google Play.
As a member of the App Defense Alliance (ADA), ESET plays a crucial role in identifying Potentially Harmful Applications. Their efforts led to the identification of 18 SpyLoan apps, 17 of which were removed from Google Play following their report. These apps had amassed over 12 million downloads before their removal.
The SpyLoan apps exhibit identical behavior across different sources due to their similar underlying code. Users face the same risks and functions regardless of the download origin, be it a dubious website, a third-party app store, or Google Play.
ESET telemetry indicates that the enforcers of these apps, known for their blackmail and harassment tactics, operate primarily in countries like Mexico, Indonesia, Thailand, Vietnam, India, Pakistan, Colombia, Peru, the Philippines, Egypt, Kenya, Nigeria, and Singapore. The researchers believe that detections outside these countries are linked to smartphones accessing phone numbers registered in these regions. Currently, there are no active campaigns targeting European countries, the USA, or Canada.
“These malicious applications exploit the trust that users place in legitimate loan providers, using sophisticated techniques to deceive people and steal a very wide range of personal information,” says Lukáš Štefanko, ESET researcher. “It is crucial for individuals to exercise caution, validate the authenticity of any financial app or service, and rely on trusted sources. By staying informed and vigilant, users can better protect themselves from falling victim to such deceptive schemes,” he adds.
Victims of these apps report that the total annual cost (TAC) of the loans is significantly higher than stated, with loan tenures much shorter than promised. In some instances, borrowers were pressured to repay loans in as little as five days, instead of the stated 91 days, with TACs ranging between 160% and 340%.
Once installed, SpyLoan apps prompt users to accept terms of service and grant extensive permissions for data access. The data exfiltrated includes account lists, call logs, device information, and even local Wi-Fi network details. The perpetrators encrypt all stolen data before transmitting it to their Command and Control (C&C) server.
The rapid growth of SpyLoan apps is attributed to developers drawing inspiration from successful FinTech services, which use technology to streamline financial services. However, unlike legitimate institutions, SpyLoan apps misuse data collection for spying, harassment, and blackmail.
For more detailed insights into these deceptive SpyLoan apps, ESET Research invites readers to explore their blog post titled “Beware of predatory fin(tech): Loan sharks use Android apps to reach new depths.” Stay updated with the latest from ESET Research by following them on Twitter (today known as X).
Heatmap of SpyLoan detections seen in ESET telemetry between January 1 and November 30, 2023
For over three decades, ESET® has been at the forefront of developing industry-leading IT security software and services. Their solutions, ranging from endpoint and mobile security to endpoint detection and response, encryption, and multifactor authentication, are designed to protect users and businesses worldwide from sophisticated digital threats. ESET’s commitment to evolving cybersecurity is supported by their global R&D centers, dedicated to ensuring a safer use of technology.