SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
ESET identifies dramatic rise in deceptive SpyLoan apps in APAC region
Fri, 8th Dec 2023

A recent research study by ESET, a leading IT security software and services company, revealed a notable increase in the spread of deceptive SpyLoan applications. These apps are being used to trick consumers in the APAC region, predominantly on the Android platform, offering enticing quick loans while simultaneously collecting victims' personal and financial data with the aim of blackmailing them.

The study showed a discernible surge of such apps across unofficial third-party app stores, Google Play, and certain websites since early 2023. These apps market themselves as legitimate personal loan services, promising quick and uncomplicated access to funds. Behind the curtain though, they systematically collect users' personal and financial information and offer high-interest-rate loans, adorned with misleading descriptions.

During the research, ESET identified 18 such deceptive apps and reported them to Google. Following this, Google removed 17 of these apps from its platform. Prior to their removal, these apps had been downloaded over 12 million times from Google Play. ESET found the most active installations of these apps in Southeast Asian countries such as Indonesia, Thailand, Vietnam, Singapore, and the Philippines. ESET has actively taken part in the App Defense Alliance and the malware mitigation program, aiming to identify and halt potentially harmful applications before they reach Google Play.

"These duplicitous applications take advantage of the trust users place in legitimate loan providers, employing sophisticated techniques to dupe people and steal a wide range of personal information," said Lukáš Štefanko, an ESET researcher, who discovered many of the SpyLoan apps. He advised individuals to exercise caution, validate the authenticity of any financial app or service, and to lean on trusted sources to prevent falling prey to such deceptive schemes.

ESET also found that the data commonly sent to the Command and Control (C&C) server includes the user's list of accounts, call logs, device information, installed apps list, local Wi-Fi network information, calendar events, and even files on the device. Furthermore, contact lists, location data, and SMS messages are at risk. All this stolen data gets encrypted before transmission, adding a layer of protection for the culprits' activities. According to ESET Research, the actual intention behind acquiring such extensive permissions is to spy on and harass their users and their contacts.

ESET connects the origin of the SpyLoan scheme to 2020. When a user installs a SpyLoan app, they are prompted to accept the terms of service and grant extensive permissions. If these permissions are not granted, the loan is not delivered. Moreover, to complete the loan process, users are compelled to provide extensive personal information. After the app is installed and data procured, the enforcers pressure the victims into making payments, even if they didn't apply for a loan or if the loan application was not approved.

Explaining the boom in SpyLoan apps, Štefanko pointed out that the developers of these apps draw inspiration from successful financial technology services, which use technology for offering streamlined, user-friendly financial services.