Malware continues to sneak into the Play Store: these apps were downloaded millions of times before being removed

Download applications only from Play Store It is a good way to keep our devices more protected, but blindly trusting this resource can be a mistake. Despite Google’s efforts to eradicate security threats from the Android app store, cybercriminals often get away with it.

A sample of this reality is found with what is known as SpyLoan. This is a fraud technique recently found in 15 Android applications. They were available for a time on the Play Store and reached a combined total of more than 8 million downloads before they were removed by Google.

SpyLoan, more than malware in the Play Store

McAfee explains that SpyLoan was hiding behind financial applications that promised fast and flexible loans. Far from being a solution for users looking to access borrowed money, these applications could become a headache based on data collection, abusive fees and, literally, extortion.

It was normal to find countdown solutions in this type of solutions that reproduced a sense of urgency so that users made hasty decisions. When someone decided to move forward with the process, they used to provide a huge amount of personal information and opened the door to being bombarded with messages through different means of contact.

At the same time, the loan apps identified below were requesting unnecessary permissions. They could access the call log and the user’s location. Also accessed text messages and collected data on basic information and device status, such as its unique identifier, mobile network type, and more.

• Safe Loan-Fast, secure.
• Quick Loan-Credit Easy.
• ได้บาทง่ายๆ-สินเชื่อด่วน.
• RupiahKilat-Dana cair.
• ยืมอย่างมีความสุข – เงินกู้.
• เงินมีความสุข – สินเชื่อด่วน.
• KreditKu-Uang Online.
• Dana Kilat-Pinjaman kecil.
• Cash Loan-Vay tiền.
• RapidFinance.
• PrêtPourVous.
• Huayna Money – Quick Loan.
• ILoans: Quick Credit.
• Get Sol-Money Fast.
• ÉcoPrêt Prêt En Ligne.

The cybersecurity company adds an even more alarming fact: behind these applications there were groups of people specifically trained to extort victims. A technical analysis of them reveals code designed to steal user data. Several testimonies report this type of practice to obtain money.

This is what some of the SpyLoan applications looked like in the Play Store

Apparently, the cybercriminals were threatening the victims. They were told that they would share publicly private data such as photos (some edited by them) if they did not comply with the payments. As if this were not enough, the threats would have gone one step further, sending harassing messages to family and friends (thanks to the stolen phone numbers).

During this year, police operations were carried out in Peru and Chile where hundreds of people related to this fraudulent activity that targeted several countries in Asia, Africa and Latin America were identified. Google, for its part, has finally removed the applications identified as clearly violating Play Store rules.

Images | Xataka with DALLE·E | McAfee

In Xataka | What is Trinity, the ransomware with which a group of hackers has supposedly stolen and encrypted data from the Tax Agency