Dubbed SpyLoan, due to their inherent functionality, these applications have been downloaded more than 12 million times on Google Play. However, the actual count is estimated to be much higher as they are also available on third-party app stores and fraudulent websites, revealed ESET. Marketed through social media websites and SMS messages, SpyLoan deceives victim’s into sharing various kinds of sensitive information and exfiltrate it to hacker controlled C2 servers. Stolen information includes, call logs, device details, installed apps, calendar events, contact list, location data, SMS messages, local Wi-Fi network details, and file information. According to ESET researchers, the purpose behind collecting this data and various device permission requests ‘’is to spy on their users and harass and blackmail them and their contacts’’. ESET, a member of the App Defense Alliance and active participant in mitigating malware from Google Play, discovered 18 SpyLoan apps. These were reported to Google, resulting in the removal of 17 notified apps. The research further revealed that irrespective of the download source, the risks and functionality of these apps were identical, due to a similar underlying code. Furthermore, ESET’s telemetry revealed that these attacks were more prominent in Mexico, Indonesia, Thailand, Vietnam, India, Pakistan, Colombia, Peru, the Philippines, Egypt, Kenya, Nigeria, and Singapore. According to ESET’s researcher Lukáš Štefanko, these apps are designed to take advantage of vulnerable people. Thus, it is essential that online users exercise caution and stay vigilant when using such financial applications. ESET further advises people to download apps only from verified, official sources and to carefully scrutinize requested permissions, app reviews, and policies to prevent falling prey to such threats.
