Cyber Crime
Exposed: 18 Fake Loan Apps Swindle Over 12 Million Users on Google Play – Check Full List Here
NEW DELHI: Cybersecurity experts recently unveiled a staggering find: 18 deceptive loan applications lurking on the Google Play Store, collectively amassing over 12 million downloads. These seemingly innocent apps, adorned with enticing promises, are actually sophisticated tools crafted to dupe users, compromising their personal and financial information.
ALSO READ: Nominate India’s 100 Most Influential Cyber Warriors
The SpyLoan Network Unveiled
Hailing from the depths of the digital landscape, the SpyLoan network, tracked by Slovak cybersecurity firm ESET, specifically sets its sights on potential borrowers across Southeast Asia, Africa, and Latin America. The apps were meticulously designed, bearing names like AA Kredit and Cashwow, to allure victims into a web of deceit.
The list of now-removed apps includes:
- AA Kredit: इंस्टेंट लोन ऐप (com.aa.kredit.android)
- Amor Cash: Préstamos Sin Buró (com.amorcash.credito.prestamo)
- Oro Préstamo – Efectivo rápido (com.app.lo.go)
- Cashwow (com.cashwow.cow.eg)
- CrediBus Préstamos de crédito (com.dinero.profin.prestamo.credito.credit.credibus.loan.efectivo.cash)
- ยืมด้วยความมั่นใจ – ยืมด่วน (com.flashloan.wsft)
- PréstamosCrédito – GuayabaCash (com.guayaba.cash.okredito.mx.tala)
- Préstamos De Crédito-YumiCash (com.loan.cash.credit.tala.prestmo.fast.branch.mextamo)
- Go Crédito – de confianza (com.mlo.xango)
- Instantáneo Préstamo (com.mmp.optima)
- Cartera grande (com.mxolp.postloan)
- Rápido Crédito (com.okey.prestamo)
- Finupp Lending (com.shuiyiwenhua.gl)
- 4S Cash (com.swefjjghs.weejteop)
- TrueNaira – Online Loan (com.truenaira.cashloan.moneycredit)
- EasyCash (king.credit.ng)
- สินเชื่อปลอดภัย – สะดวก (com.sc.safe.credit)
ALSO READ: Cyber Crime Helpline: Reporting Cyber Crime In India? Keep This Information Ready Before Calling 1930!
Tracing the Deception
The pathway to infection primarily stems from SMS messages and social media platforms, acting as a gateway for these apps. However, they’re also accessible through scam websites and third-party app stores, preying on unsuspecting users seeking financial aid.
ESET’s security researcher, Lukas Stefanko, highlighted, “None of these services provide an option to request a loan using a website…” He emphasized that these apps thrive on accessing sensitive user data stored on smartphones for blackmailing.
ALSO READ: Cyber Crime Helpline: Reporting Cyber Crime In India? Keep This Information Ready Before Calling 1930!
Unveiling the Devious Tactics
This discovery isn’t an isolated incident. Dating back to 2020, this scheme adds to a slew of over 300 Android and iOS apps unearthed by Kaspersky, Lookout, and Zimperium last year. Exploiting the desperation for quick cash, these apps ensnare users into predatory loan contracts, demanding access to sensitive information.
Aside from harvesting data, SpyLoan operators resort to alarming tactics, including blackmail and harassment, pressuring victims into payments by threatening to release their private photos and videos on social media platforms.
Combatting the Threat
To safeguard against such spyware threats, experts advocate sticking to official app sources, verifying app authenticity, and scrutinizing reviews and permissions before installation.
Lukas Stefanko underlines the significance of this discovery, stating, “These malicious applications exploit the trust users place in legitimate loan providers…”
This revelation coincides with the resurgence of TrickMo, an Android banking trojan masquerading as a streaming app, equipped with advanced capabilities to steal credentials and conceal its malicious code.
In the digital age, vigilance remains the key armor against the looming threats that target unsuspecting users seeking financial assistance.