Extortion on the Play Store: the SpyLend virus was installed on more than 100,000 Android smartphones

Researchers at Cyfirma have detected new malware on the Google Play Store. Called SpyLend, the malware masquerades as Finance Simplified, a seemingly harmless financial app that lets you get loans in just a few clicks.

Once installed on a target’s smartphone, the virus first requests a host of permissions. With these permissions, demanded under false pretenses, the malware collects a huge amount of data, such as contact lists, call histories, SMS messages, photos, and the device’s location. The researchers also found that the entire location history, the last 20 clipboard entries, loan history, and SMS banking transaction messages were collected. These personal details were then discreetly gathered by the cybercriminals behind the operation.

Intimate photo blackmail

The app then works as advertised, offering users loans at high rates. To fool its targets, the app pretends to come from registered non-banking financial companies (NBFCs). These companies are regulated by specific financial authorities, but they are not subject to the same rules as banks. In fact, Finance Simplified was not developed by a registered company. The app is "a gateway to predatory lending apps" that are illegal.

Once the loan is granted, the hackers use the stolen information to extort more money from users and put pressure on them. As shown by the testimonies visible on the Play Store, the scammers do not hesitate to threaten to publish the target's intimate photos in the event of late payment. If no compromising photos are found, the hackers create some using deepfakes and photos stored on the phone.

A new case of SpyLoan

In fact, SpyLend belongs to the SpyLoan family of malware. These viruses target Internet users who need funds quickly. They pretend to be reliable financial institutions and lure users with promises of simple and fast loans. The hackers then use the data in their possession to blackmail victims, who are already in a difficult financial situation.

As Cyfirma found, Finance Simplified has been downloaded over 100,000 times through the Play Store. Most of the victims are from India. The app “has seen a significant increase in downloads, from 50,000 to 100,000 in a single week,” the report notes.

To get into the store without Google’s knowledge, SpyLend loads a window using WebView, a component that allows web pages to be displayed within the app. This web page then redirects users to an external site. From this site, users can download a loan app as an APK file. Therefore, the part of the app that contains violations of Google's rules never goes through the Play Store.
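A defensive illustration of the WebView delivery path described above, added here and not taken from Cyfirma's report: it scans web-proxy records for APK downloads that originate inside an Android WebView and come from a host outside an approved list. The JSON log schema, host names, User-Agent strings and allow-list are constructed assumptions.

```python
import json
from urllib.parse import urlsplit

APK_MIME = "application/vnd.android.package-archive"
ALLOWED_APK_HOSTS = {"mdm.corp.example"}  # assumption: sanctioned APK source

def is_webview(ua):
    """Android WebView adds a 'wv' token to the UA's platform section."""
    start, end = ua.find("("), ua.find(")")
    if start < 0 or end < start:
        return False
    return "wv" in [tok.strip() for tok in ua[start + 1:end].split(";")]

def is_apk(url, content_type):
    """True when the MIME type or the URL path indicates an Android package."""
    mime = content_type.split(";")[0].strip().lower()
    return mime == APK_MIME or urlsplit(url).path.lower().endswith(".apk")

def find_sideload_events(lines, allowed_hosts=ALLOWED_APK_HOSTS):
    """Return (device, host, path) for APK fetches made from inside a WebView."""
    hits = []
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed records rather than abort the scan
        url, ua = rec.get("url", ""), rec.get("ua", "")
        host = (urlsplit(url).hostname or "").lower()
        if (is_webview(ua) and is_apk(url, rec.get("content_type", ""))
                and host not in allowed_hosts):
            hits.append((rec.get("device"), host, urlsplit(url).path))
    return hits

# Constructed sample data: UA strings, hosts and log schema are illustrative.
WV = ("Mozilla/5.0 (Linux; Android 13; Pixel 7 Build/TQ3A; wv) "
      "AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/120.0.0.0 Mobile Safari/537.36")
CHROME = WV.replace("; wv", "").replace("Version/4.0 ", "")
SAMPLE_LOG = [json.dumps(dict(zip(("device", "ua", "url", "content_type"), r))) for r in (
    ("d1", WV, "https://loans.example/apply", "text/html; charset=utf-8"),
    ("d1", WV, "https://cdn.loans.example/get/LoanApp.APK?src=wv", "application/octet-stream"),
    ("d2", CHROME, "https://files.example/tool.apk", APK_MIME),
    ("d3", WV, "https://mdm.corp.example/agent.apk", APK_MIME),
    ("d4", WV, "https://dl.example/download?id=7", APK_MIME),
)] + ["truncated-record"]

if __name__ == "__main__":
    for hit in find_sideload_events(SAMPLE_LOG):
        print("WebView APK download:", hit)
```

An app can override its WebView User-Agent, so a missing `wv` token is inconclusive rather than proof that the request came from a browser.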

Alerted by the security company, Google promptly banned the app from the Play Store. This is not the first time that SpyLoan apps have appeared on the Play Store without Google's knowledge. Last November, 15 Android apps designed for extortion had slipped onto the platform. A year earlier, 18 similar apps had been uncovered.

Source: Cyfirma
