A quick loan app that has scammed people out of lakhs, if not crores, of rupees has now rebranded itself as Wallet Pro, changing its name and identity to continue ripping people off. We’ve recently discovered that these threat actors can, and will, go far beyond just sending you threatening messages to recover the original loaned amount.
Following our previous report, the app advancing cash to people and scamming them along the way with the rebranded proxy app has doubled its total number of downloads on the Google Play Store. There are more than 30000 reviews on the app at the moment, the majority of them five stars and a few of them one star. There are no two, three or four-star ratings: fake reviews galore.
Now to the untrained eye, this will seem like just another quick loan app, and sure enough, that’s how they got so many downloads. However, once you’ve taken the loan and the repayment date comes near, then starts the scam.
Repayment scam after the repayment that includes leaking your data
Installing the app requires the user to provide almost every permission an app can ask for, including access to camera, microphone, location and even your device’s storage.
Once a user has taken a loan, the app requires them to pay it back in the next seven days. If the user defaults, the collectors start sending threatening messages claiming that they’ll publicly shame the user in front of friends and family, since they have the user’s entire contact list. If the user doesn’t respond, they end up doing so. Other threats include verbal abuse and fake court documents.
Once the original amount is repaid, regardless of whether the user was behind the payment date, the user starts getting messages asking for repayment of loans that were never taken.
During Candid.Technology’s initial investigation earlier this year, the app used to demand these fake payments was called RupeeKing. This time around, it’s called Wallet Pro.
I experienced this myself. When I didn’t respond to the loan collectors (who were extremely verbally abusive in their demands), they circulated a fake message with a rather serious allegation and my ID to randomly chosen contacts from my contact list. This went on until the original amount was repaid.
Another victim who fell for this scam had sensitive photos from their phone gallery leaked and sent to random contacts. This happened after they had made the original payment in time. They ended up paying double thanks to the extortion messages and the threats.
Both apps share a similar structure in terms of UI, and the amount is, once again, hardcoded into the app, which is delivered to the user by a shortened URL in threatening messages. What’s worse, they also demand invasive permissions, including location, camera, lock screen, storage and network state.
We have good reason to suspect that the apps sent using these shortened links contain spying malware, considering the permissions they ask for and the delivery method.
This is an ongoing investigation, and we’re currently working on establishing a link between the app on the Play Store and RupeeKing/Wallet Pro. We’ll be bringing you updates as we uncover more.