Cyber Crime
15 SpyLoan Malware Apps with 8 Million Downloads Found on Google Play
A new wave of SpyLoan malware apps, totaling 15 and amassing over 8 million downloads, has been uncovered on Google Play. The apps targeted users in South America, Southeast Asia, and Africa, according to a report by McAfee, a member of the ‘App Defense Alliance.’
These malicious apps have been removed from the Google Play Store, but their presence highlights the persistence of threat actors. McAfee noted that recent law enforcement actions against SpyLoan operators have done little to deter such operations.
The last major crackdown on SpyLoan apps occurred in December 2023, when over a dozen apps with 12 million downloads were taken down.
SpyLoan’s Modus Operandi
SpyLoan apps masquerade as financial tools offering quick loans with deceptive terms. Once installed, they validate users through a one-time password (OTP) to confirm they are within targeted regions. Victims are then prompted to provide sensitive information, such as ID documents, employment details, and bank account data.
These apps exploit device permissions to gather extensive personal data, including contacts, SMS messages, call logs, location, and even camera access. This data is later used to extort users.
In addition to collecting private information, these apps can exfiltrate all SMS messages, GPS and network location, device details, OS data, and even sensor activity. Victims who take loans are subjected to high-interest rates, harassment, and blackmail. Operators have been known to contact victims’ family members to apply further pressure.
List of Popular SpyLoan Apps
McAfee identified 15 malicious apps, including these eight with significant download numbers:
- Préstamo Seguro-Rápido, Seguro (1,000,000 downloads) – Targets Mexico
- Préstamo Rápido-Credit Easy (1,000,000 downloads) – Targets Colombia
- ได้บาทง่ายๆ-สินเชื่อด่วน (1,000,000 downloads) – Targets Senegal
- RupiahKilat-Dana cair (1,000,000 downloads) – Targets Senegal
- ยืมอย่างมีความสุข – เงินกู้ (1,000,000 downloads) – Targets Thailand
- เงินมีความสุข – สินเชื่อด่วน (1,000,000 downloads) – Targets Thailand
- KreditKu-Uang Online (500,000 downloads) – Targets Indonesia
- Dana Kilat-Pinjaman kecil (500,000 downloads) – Targets Indonesia
ALSO READ: Nominate Top CISOs for Prestigious FutureCrime Summit 2025 Honors
Recommendations for Protection
Despite Google’s robust app review systems, SpyLoan apps continue to infiltrate the Play Store. Users are advised to:
- Check user reviews and developer reputations.
- Limit app permissions during installation.
- Keep Google Play Protect active on their devices.
The discovery of these apps underscores the need for vigilance while downloading and using financial apps.
