Source |
Techworm |
Identifier |
8630525 |
Publication date |
2024-12-02 20:25:02 (viewed: 2024-12-27 09:08:19) |
Title |
SpyLoan Malware Hits 8 Million Android Users |
Text |
Security researchers at McAfee Labs have identified 15 malicious Android apps that contain malware known as 'SpyLoan'.
These apps have been downloaded over 8 million times from the Google Play Store.
These predatory loan apps disguise themselves as legitimate financial services, luring unsuspecting users into downloading them.
They are targeting users primarily in South America, Southeast Asia, and Africa, with some of them being promoted through deceptive social media advertising.
“These PUP (potentially unwanted programs) applications use social engineering tactics to trick users into providing sensitive information and granting extra mobile app permissions, which can lead to extortion, harassment, and financial loss,” security researcher Fernando Ruiz wrote in a blog post published last week.
According to the security software company, the 15 SpyLoan apps operate using a shared framework designed to encrypt and exfiltrate sensitive data from a victim's device to a command and control (C2) server, indicating that the same developer or group of cybercriminals is behind all of them.
SpyLoan apps masquerade as legitimate loan providers under deceptive names and logos, creating a false sense of trust.
These apps pose as genuine loan services, promising instant credit with minimal requirements to unsuspecting users in Mexico, Colombia, Senegal, Thailand, Indonesia, Vietnam, Tanzania, Peru, and Chile.
Once a user registers for the service, these apps use a one-time password (OTP) to ensure they have a phone number from the targeted region.
The users are then prompted to provide supplementary identification documents and personal information, banking accounts, employee information, and device data that are subsequently exfiltrated from the victims to the C2 server in an encrypted format.
However, these apps secretly collect sensitive data, including contacts, call logs, and SMS messages, under the pretense of processing loans.
They also employ aggressive tactics, such as demanding additional mobile app permissions and intimidating users with threatening messages or calls, including death threats.
Once the loan is disbursed, users often find themselves trapped in high-interest repayment schemes.
The operators misuse the stolen phone data to harass and blackmail borrowers, often contacting family members to pressure repayment.
According to McAfee Labs, malicious SpyLoan apps and unique infected devices have increased by over 75% from the end of Q2 to the end of Q3 2024.
Five of these apps are still available for download on the official app store, as they have reportedly made adjustments to align with Google Play policies.
To mitigate the risks posed by such apps, it is advisable to read app permissions carefully, read app reviews to see if any issues have been reported, avoid downloading apps from third-party marketplaces, check the legitimacy of the application publisher before downloading them, and install and update security software.
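The permission review recommended above can be done mechanically against a decoded AndroidManifest.xml. The script below is an added example, not code from the article or from McAfee: it lists every `<uses-permission>` an app declares, flags the ones that expose the contacts, call logs and SMS content the article says SpyLoan apps harvest, and returns a verdict. The high-risk permission set and the sample manifest are constructed for illustration and do not describe any real app.

```python
"""Flag Android permissions a loan app has no legitimate need for.

Added example, not taken from the article or McAfee. The HIGH_RISK mapping
and the sample manifest below are constructed for illustration.
"""
import xml.etree.ElementTree as ET

# Attribute names in a manifest live in the Android XML namespace.
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions that hand over the data the article describes being exfiltrated
# (contacts, call logs, SMS) plus a few others a loan app does not need.
# This mapping is the example's own choice, not a published list.
HIGH_RISK = {
    "android.permission.READ_CONTACTS": "address book (used to pressure relatives)",
    "android.permission.READ_CALL_LOG": "call history",
    "android.permission.READ_SMS": "SMS content, including bank OTPs",
    "android.permission.RECEIVE_SMS": "incoming SMS",
    "android.permission.READ_PHONE_STATE": "device identifiers",
    "android.permission.ACCESS_FINE_LOCATION": "precise location",
    "android.permission.CAMERA": "camera",
    "android.permission.READ_EXTERNAL_STORAGE": "photos and documents",
}

# Constructed sample manifest; the package name is a placeholder.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.fastloan">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.READ_CALL_LOG"/>
    <uses-permission android:name="android.permission.CAMERA"/>
    <application android:label="Fast Loan"/>
</manifest>
"""


def declared_permissions(manifest_xml: str) -> list:
    """Return every permission name declared via <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    names = []
    for el in root.iter("uses-permission"):
        name = el.get(ANDROID_NS + "name")
        if name:
            names.append(name)
    return names


def review_permissions(manifest_xml: str) -> dict:
    """Map each declared high-risk permission to what it exposes."""
    return {p: HIGH_RISK[p] for p in declared_permissions(manifest_xml) if p in HIGH_RISK}


def risk_verdict(flags: dict) -> str:
    """'high' when the app can read contacts *and* SMS/call logs together,
    which is the combination that enables the harassment the article describes;
    'medium' for any other high-risk permission; 'low' otherwise."""
    has_contacts = "android.permission.READ_CONTACTS" in flags
    comms = ("android.permission.READ_SMS",
             "android.permission.RECEIVE_SMS",
             "android.permission.READ_CALL_LOG")
    has_comms = any(p in flags for p in comms)
    if has_contacts and has_comms:
        return "high"
    if flags:
        return "medium"
    return "low"


if __name__ == "__main__":
    found = review_permissions(SAMPLE_MANIFEST)
    for perm, exposure in found.items():
        print(f"{perm}: exposes {exposure}")
    print("verdict:", risk_verdict(found))
```

Run it against a manifest pulled out of an APK with a decoder such as apktool; a loan app that wants your contacts, SMS and call history together is the pattern the article warns about, regardless of what its store listing promises.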
“The threat of Android apps like SpyLoan is a global issue that exploits users’ trust and financial desperation. Despite law enforcement actions to capture multiple groups linked to the operation of SpyLoan apps, new operators and cybercriminals continue to exploit these fraud activities,” Ruiz said.
“SpyLoan apps operate with similar code at app and C2 level across different continents. This suggests the presence of a common developer or a shared framework that is being sold to cybercriminals. This modular approach allows these developers to quickly distribute malicious apps tailored to various markets, exploiting local vulnerabilities while maintaining a consistent model for scamming users.”
Security researcher |
Notes |
★★
|
Sent |
Yes |
Tags |
Malware
Vulnerability
Threat
Legislation
Mobile
|