Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

These dangerous Android malware apps have been installed millions of times

Instant loan apps.

  • Researchers found 15 predatory loan apps on the Play Store
  • These apps promise cheap and quick loans, and then extort money and harass their victims
  • The apps have since been removed

Another set of malicious Android applications from the SpyLoan malware family were discovered, and subsequently removed, from the Google Play Store.

Unfortunately, by the time the 15 apps were identified and ousted, they amassed millions of installations around the world.

SpyLoan apps are also called “predatory loan apps.” They trick the victims into losing money in a somewhat different fashion. Once installed, they will still ask permission to gain access to things like contacts lists, SMS, camera, call logs, and the device’s location.

Targeting South America and Asia

The apps are advertised as personal finance software, promising users quick and flexible loans with low rates and minimal requirements.

These rates and requirements are fraudulent, and if the user accepts the service, they will end up paying high-interest rates. If they appeal, they will be harassed, blackmailed, and will even have their family members dragged into it, as well.

McAfee’s researchers found the 15 apps cumulatively had eight million downloads between them. The top four had a million installations each. The full list of malicious apps can be found on McAfee’s blog here.

The apps primarily targeted people in South America, Southeast Asia, and Africa. The top four apps, with four million downloads between them, were designed for users in Mexico, Colombia, and Senegal. Once the user installs the app, it will send a one-time passcode which it uses to identify the victim’s location, and thus decide whether to proceed or not.

The scariest part about this campaign is that the apps were found on Google’s official repository, the Play Store. Google is usually quite stringent when it comes to mobile apps, and quick to remove any offenders. As such, it has built a reputation of a trusted repository. These SpyLoan apps are another proof that consumers should not blindly trust anyone, not even Google, and should always verify.

To make sure an app is legitimate, make sure to check its rating, the number of downloads, and the reviews. Also, make sure the reviews aren’t randomly generated by bots. Ultimately, read a few lowest-rated reviews, to see what other users were most dissatisfied with.

Via BleepingComputer

You might also like

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.