Popular Android financial help app is actually dangerous malware
- Researchers found a predatory loans app hiding as a financial management application
- Android app apeared to exclusively target Indian users
- It was removed from the Play Store
Cybersecurity researchers have found a SpyLoan app in Google Play targeting Indian consumers with some 100,000 downloads, before being pulled from the app store.
Predatory loan apps have a simple modus operandi: they advertise as quick and easy loan apps, offering fast loans with little to no paperwork. When the victim installs the app, though, it demands excessive permissions, accessing people’s messages and call logs, contacts, photos, and more.
After taking a loan, the app then asks for high interest rates, starts harassing the victim, and threatens to release sensitive photos (sometimes even fake, edited photos, too).
Bypassing security mechanisms with WebView
In this case, cybersecurity researchers from CYFIRMA found an app called Finance Simplified, which allegedly had 100,000 downloads on Google Play before being pulled down. This app pretended to be a financial management application, and while it worked more-or-less as intended around the world, it behaved differently for users located in India.
Before the app was pulled, BleepingComputer managed to read some of the reviews. “Very very very bad app they given low loan amount nd black mail to pay High otherwise photoes edited as a nude nd black mailing,” one review read. CYFIRMA also said the app was advertised as a registered non-banking financial company, which was an outright lie.
Google is usually quite good at spotting malware in its repository, which begs the question – how did Finance Simplified make it through? Apparently, it loaded a WebView to redirect users to an external website, from where they downloaded a loan app APK hosted on an Amazon EC2 server.
“The Finance Simplified app appears to target Indian users specifically by displaying and recommending loan applications, loading a WebView that shows a loan service that redirects to an external website where a separate loan APK file is downloaded,” CYFIRMA said.
After the news broke, a Google spokesperson said the app was removed from Google Play, and added that Android users are “automatically protected” against known versions of this malware by Google Play Protect. “Google Play Protect can warn users or block apps known to exhibit malicious behavior, even when those apps come from sources outside of Play,” the spokesperson told BleepingComputer.
You might also like
Researchers found a predatory loans app hiding as a financial management application Android app apeared to exclusively target Indian users It was removed from the Play Store Cybersecurity researchers have found a SpyLoan app in Google Play targeting Indian consumers with some 100,000 downloads, before being pulled from the app…
