Hyderabad: Google recently took action by removing 17 SpyLoan apps from the Play Store, following a surge in deceptive Android loan applications. These apps, posing as legitimate personal loan services, enticed users with promises of quick and easy access to funds.
Despite their appealing facade, these services were designed to defraud users by offering lower than market interest rate loans with misleading descriptions, all the while collecting personal and financial information, which they will later exploit and gain access to victims' funds.
The SpyLoan apps removed by Google include AA Kredit, Amor Cash, GuayabaCash, EasyCredit, Cashwow, CrediBus, FlashLoan, PréstamosCrédito, Préstamos De Crédito-YumiCash, Go Crédito, Instantáneo Préstamo, Cartera grande, Rápido Crédito, Finupp Lending, 4S Cash, TrueNaira, and EasyCash. These apps primarily targeted users in Southeast Asia, Africa, and Latin America.
What are SpyLoan apps? SpyLoan apps falsely represent themselves as a legitimate financial service for personal loans, luring them into signing up for loans with low interest rates which become exorbitant as times passes. During the sign-up process, threat actors also collect victims' personal and financial details, which they will use for blackmail.
The report by the Slovak software company ESET, released on December 5, identified these apps. ESET highlighted these apps' dual functionality of spyware coupled with misleading loan claims.
The report said, "ESET Research has observed an alarming growth of deceptive Android loan apps offering personal loans designed to defraud users and gain their personal information. Many of these apps found their way to official marketplaces."
"These apps request access to the list of accounts, call logs, calendar events, device info, list of installed apps, Wi-Fi network info, information about files on the device, contact lists, location data, and SMS messages. No loan is provided if access is not granted," the report added.
"Users who install such apps are prompted to accept their terms. The apps then request user registration, typically through SMS one-time password verification, to validate the phone number, ensuring only numbers registered in the targeted country can create an account," the report concluded.
According to the victims, the actual annual cost of the loans offered by these apps was higher than initially stated, and the loan tenure was shorter than promised. The deceptive marketing of these loans occurred through SMS messages and social media, contributing to their widespread impact.
ESET, as a member of the App Defense Alliance (ADA), identified 18 SpyLoan apps and reported them to Google, resulting in the removal of 17 apps from the platform. Before removal, these apps collectively amassed over 12 million downloads from the Play Store. Google, in its mission to combat predatory apps that engage in spying activities, has removed over 200 similar apps from the Play Store.