SpyLoan Malicious App Downloaded 12M+ Times in Google Play

The fake financial app tricks users into signing up for high-interest payments, only to steal their information and blackmail them.


A variety of malicious loan apps, under the name SpyLoan, have been downloaded more than 12 million times in 2023 from Google Play, the official app store for Android.

That's according to ESET researchers, who said that the apps' overall download tally is likely much higher, as the apps are also available on third-party app stores and other websites.

SpyLoan falsely presents itself as a legitimate financial service for personal loans, promising easy access to funds, only to trick its users into signing up for high-interest payments. While doing this, the threat actors also collect the victim's personal and financial information to blackmail them. Victims of these apps, most of whom are vulnerable individuals, have stated that the annual cost of the loans offered on the app is much higher than stated, and the loan tenure is shorter.

According to the ESET researchers, the loans are marketed through SMS messages and social media. Each SpyLoan app, no matter where it was downloaded from, behaves in the same manner due to underlying identical code, meaning that every user will ultimately have the same experience and the same risks.

Operators of these apps and others that harass and blackmail their victims operate from countries including Mexico, Indonesia, Thailand, Vietnam, India, Pakistan, Colombia, Peru, and the Philippines, according to ESET. The user data that is exfiltrated includes call logs, calendar events, device information, installed apps, local Wi-Fi network SSIDs, and file information. Information such as SMS messages, contacts, and location data is also at risk. According to the researchers, "the real purpose of the permissions requested by SpyLoan apps is to spy on their users and harass and blackmail them and their contacts."

For individuals to protect themselves, ESET stresses that users be cautious when downloading such apps, especially those with financial purposes, and validate the authenticity of the app prior to using it.
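One way to check an app's requested permissions against the data categories listed above before trusting it, as an added example that is not from ESET or the original article. The permission-to-category mapping, the review threshold, and the sample manifest are assumptions constructed for illustration; the input is a decoded (text) AndroidManifest.xml.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
PREFIX = "android.permission."

# Assumed mapping: Android permission -> data category named in the article.
CATEGORY_BY_PERMISSION = {
    "READ_CALL_LOG": "call logs",
    "READ_CALENDAR": "calendar events",
    "READ_PHONE_STATE": "device information",
    "QUERY_ALL_PACKAGES": "installed apps",
    "ACCESS_WIFI_STATE": "Wi-Fi network SSIDs",
    "READ_EXTERNAL_STORAGE": "file information",
    "READ_SMS": "SMS messages",
    "READ_CONTACTS": "contacts",
    "ACCESS_FINE_LOCATION": "location data",
    "ACCESS_COARSE_LOCATION": "location data",
}

def requested_permissions(manifest_xml):
    """Return the short names of android.permission.* entries in a manifest."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name", "")
            if name.startswith(PREFIX):
                perms.add(name[len(PREFIX):])
    return perms

def sensitive_categories(manifest_xml):
    """Data categories from the article that this manifest could reach."""
    perms = requested_permissions(manifest_xml)
    return sorted({CATEGORY_BY_PERMISSION[p] for p in perms
                   if p in CATEGORY_BY_PERMISSION})

def needs_review(manifest_xml, threshold=4):
    """Flag apps touching many categories; the threshold is an assumed value."""
    return len(sensitive_categories(manifest_xml)) >= threshold

# Constructed sample manifest for a hypothetical loan app (not a real package).
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructedloan">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CALENDAR"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
</manifest>"""
```

A loan app has little functional need for most of these categories, so a flagged manifest is a reason to look closer at the publisher, not proof of malice.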
