18 Fake Loan Apps fraud 12+ Million Users on Google Play – Know Full List Here
18 Fake Loan Apps fraud 12+ Million Users on Google Play – Know Full List Here
New Delhi: Recent revelations by cybersecurity experts revealed a startling discovery: the Google Play Store was infested with 18 Fake Loan apps frauds that had accumulated a total of more than 12 million downloads. Apps that appear to be harmless at first glance and feature alluring promises are, in fact, sophisticated deception devices designed to compromise the personal and financial information of users.
The SpyLoan network, which is monitored by the Slovak cybersecurity firm ESET, originates from the depths of the digital landscape and targets potential borrowers in Southeast Asia, Africa, and Latin America. The applications, bearing deceptive names such as AA Kredit and Cashwow, were intricately crafted to entice users into a labyrinth of fraud.
The list of applications that have been removed comprises:
- AA Kredit: इंस्टेंट लोन ऐप (com.aa.kredit.android)
- Amor Cash: Préstamos Sin Buró (com.amorcash.credito.prestamo)
- Oro Préstamo – Efectivo rápido (com.app.lo.go)
- Cashwow (com.cashwow.cow.eg)
- CrediBus Préstamos de crédito (com.dinero.profin.prestamo.credito.credit.credibus.loan.efectivo.cash)
- ยืมด้วยความมั่นใจ – ยืมด่วน (com.flashloan.wsft)
- PréstamosCrédito – GuayabaCash (com.guayaba.cash.okredito.mx.tala)
- Préstamos De Crédito-YumiCash (com.loan.cash.credit.tala.prestmo.fast.branch.mextamo)
- Go Crédito – de confianza (com.mlo.xango)
- Instantáneo Préstamo (com.mmp.optima)
- Cartera grande (com.mxolp.postloan)
- Rápido Crédito (com.okey.prestamo)
- Finupp Lending (com.shuiyiwenhua.gl)
- 4S Cash (com.swefjjghs.weejteop)
- TrueNaira – Online Loan (com.truenaira.cashloan.moneycredit)
- EasyCash (king.credit.ng)
- สินเชื่อปลอดภัย – สะดวก (com.sc.safe.credit)
Analyzing the Fraud
The primary vectors through which infection spreads are social media platforms and SMS messages, which serve as entry points for these applications. However, they are also available via third-party app stores and fraudulent websites, where they exploit users seeking financial assistance.
According to Lukas Stefanko, a security researcher at ESET, none of the aforementioned services offer the capability to submit a loan request via a website. He emphasized that these applications profit from smartphone users’ access to sensitive information for the purpose of extortion.
Deciphering the Sneaky Strategies
This finding is not an isolated incident. This 2020-dated scheme joins the collection of more than three hundred Android and iOS applications that Zimperium, Kaspersky, and Lookout discovered last year. By capitalizing on users’ urgent need for immediate funds, these applications lure them into precarious loan agreements and require them to divulge confidential data.
In addition to data harvesting, SpyLoan operators employ concerning strategies such as blackmail and harassment, coercing victims into making payments through threats of sharing private images and videos on social media platforms.
Battling With The Cyberthreats
In order to mitigate the risks associated with spyware threats, it is recommended that users adhere to official app sources, authenticate applications, and thoroughly examine reviews and permissions prior to installation.
The discovery is of great importance, as emphasized by Lukas Stefanko, who asserts that “these malevolent applications capitalize on the confidence that users have in reputable loan providers…”
This disclosure aligns with the reappearance of TrickMo, an Android banking Trojan that masquerades as a streaming application and possesses sophisticated functionalities to pilfer credentials and obscure its malevolent code.
Vigilance continues to be the most effective defense against impending dangers that prey on unsuspecting users in search of financial assistance in the digital age.
About The Author:
Yogesh Naager is a content marketer who specializes in the cybersecurity and B2B space. Besides writing for the News4Hackers blog, he’s also written for brands including CollegeDunia, Utsav Fashion, and NASSCOM. Naager entered the field of content in an unusual way. He began his career as an insurance sales executive, where he developed an interest in simplifying difficult concepts. He also combines this interest with a love of narrative, which makes him a good writer in the cybersecurity field. In the bottom line, he frequently writes for Craw Security.
READ MORE NEWS HERE