A growing wave of predatory loan apps, known as SpyLoan, is targeting mobile users worldwide, especially in developing countries in South and Southeast Asia, Africa, and South America. The 15 distinct apps identified on Google Play have over eight million installations worldwide.
This problem is not confined to a single country or continent but has expanded globally. According to researchers, fake loan apps have targeted India, Thailand, Indonesia, Vietnam, the Philippines, Nigeria, Kenya, Uganda, Mexico, Colombia, Chile, and Peru.
These apps lure users with promises of quick loans, then exploit personal data and employ tactics like extortion and harassment, leaving victims vulnerable to financial and emotional harm.
Once installed, the apps request unnecessary permissions to access private data, which is then exfiltrated to external servers. For example, the apps may ask for access to contacts, SMS messages, cameras, microphones, and more.
The researchers’ investigation revealed that although these apps appear on Google Play, they slip past security vetting processes by mimicking the branding and interfaces of legitimate financial institutions. Deceptive advertising on social media platforms further spreads their reach, targeting users in developing regions.
Although Google has removed some of these apps and others have been updated, researchers continue to flag them as ‘Android/PUP.SpyLoan’ due to the inherent risks they pose, especially given that many of these apps still operate outside the jurisdiction of regulatory authorities and exploit loopholes in app permissions to harvest data.
SpyLoan apps share a common technical infrastructure, utilising encrypted data channels to exfiltrate sensitive information to command and control (C2) servers.
The apps rely heavily on misleading tactics, including countdown timers that create a false sense of urgency, pushing users to make hasty decisions and share personal information without fully understanding the risks. One example shows how an app called ‘Presta Facil: Revision Rapida’ promotes its services on Facebook, with the promise of quick loans in local currencies.
Upon installation, users are asked to provide their phone numbers, which are verified through an OTP (one-time password) sent via SMS to ensure they are located in a targeted country.
The consequences of using SpyLoan apps can be severe. Researchers highlighted numerous reports of users being harassed and extorted by the app operators, with some victims receiving threatening calls and messages.
Personal photos and IDs are sometimes used to intimidate victims, who are coerced into paying inflated interest rates or hidden fees. In extreme cases, users have faced reputational damage, emotional distress, and even physical harm due to the aggressive tactics employed by the scammers.
Experts recommend reviewing app permissions carefully, avoiding unnecessary access requests, and researching app developers to verify their legitimacy. Additionally, users should be cautious of deals that seem too good to be true, as these often serve as bait for malicious apps.
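The permission review recommended above can be done before installation by inspecting an app's manifest. The following is an added example, not code from the researchers or the article: it assumes the manifest has already been decoded to plain XML (for instance with apktool), uses a constructed sample manifest with a made-up package name, and the "high" rating rule is an illustrative assumption.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Data categories the article lists, mapped to real Android permission names.
SENSITIVE = {
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_SMS": "sms",
    "android.permission.RECEIVE_SMS": "sms",
    "android.permission.CAMERA": "camera",
    "android.permission.RECORD_AUDIO": "microphone",
}

# Constructed sample manifest (not taken from any real app).
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.quickloan">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission-sdk-23 android:name="android.permission.CAMERA"/>
</manifest>"""

def audit_manifest(manifest_xml, justified=frozenset()):
    """Return {category: [permissions]} for sensitive requests that the
    reviewer has not accepted. `justified` holds accepted categories,
    e.g. {"camera"} when the app has an ID-photo step."""
    root = ET.fromstring(manifest_xml)
    findings = {}
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name", "")
            category = SENSITIVE.get(name)
            if category and category not in justified:
                findings.setdefault(category, []).append(name)
    return findings

def risk_level(findings):
    """Assumed rule: contacts plus SMS access together rates 'high',
    since that is the data the article says is harvested and abused."""
    if {"contacts", "sms"} <= set(findings):
        return "high"
    return "medium" if findings else "low"

if __name__ == "__main__":
    report = audit_manifest(SAMPLE_MANIFEST, justified={"camera"})
    print(risk_level(report), report)
```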