“Despite their attractive appearance, these services are actually designed to try to trick users by offering high-interest loans with fraudulent descriptions, allowing them to collect and intimidate the victim’s personal and financial information and ultimately obtain financing,” ESET said.
The Slovak cybersecurity company tracks these apps under the name SpyLoan and says they are designed to target potential borrowers in Southeast Asia, Africa and Latin America.
SMS messages and social media channels such as Twitter, Facebook and YouTube are the main channels of infection, but the apps can also be downloaded from fraudulent sites and third-party app stores.
“None of these services offers the possibility to submit a loan request using the website, because through the browser, the blackmailer does not have access to all the confidential user data stored on the smartphone and necessary for blackmail,” says ESET security researcher Lukas Stefanko.
The apps, which are part of a wider scheme dating back to 2020, add to a tranche of more than 300 Android and iOS apps uncovered last year by Kaspersky, Lookout and Zimperium, which said the apps took advantage of the victim’s desire to get money as a “quick and easy way to attract borrowers” into “predatory credit deals and demand access to confidential information such as contacts and SMS messages.”
In addition to collecting information from compromised devices, SpyLoan operators have also been seen relying on blackmail and harassment tactics to extort payments from victims, threatening to post photos and videos on social media platforms.
In one message, identified by The Hacker News and posted on the Google Play Help Community in early May of this year, a Nigerian user claimed to have been “intimidated, defamed and killed while fraudulently providing loans to victims at high and exorbitant interest rates and apparently having full state names including debtor’s address and Bank Identification Number (BVN)”. “We have introduced compulsory payment through internet threats, but we continue to annoy people who are subjected to unnecessary pressure and panic,” urged EasyCash.
In addition, the apps request permissions for media files, camera, calendar, contacts, call logs and SMS messages, using a misleading privacy policy. Some apps also use fake websites filled with stolen office photos and stock images in an attempt to lend a veil of legitimacy to their operations. To reduce the risk from such spyware, it is recommended to download apps only from official sources, to verify the authenticity of such offers, and to pay special attention to reviews and requested permissions before installation.
SpyLoan is “an important reminder of the risks borrowers face when seeking financial services online,” Stefanko said. “These malware allow trusted users to use sophisticated technology to deceive and steal a very wide range of personal information, legitimate loan Pro.”
The development also follows the resurgence of an Android banking trojan called TrickMo, which is disguised as a free mobile streaming app and uses JsonPacker to hide its malicious code. It also comes with upgraded features, including stealing screen content, loading runtime modules, and overlay injection to extract credentials from target applications.
“The shift to malware overlay attacks, the use of JsonPacker to obfuscate code, and concerted behavior with command and control servers highlight threat actors’ dedication to improving their strategies,” Cyble said in an analysis last week.