- Researchers found a predatory loan app disguised as a financial management application
- The Android app exclusively targeted Indian users
- It was removed from the Play Store
Cybersecurity researchers have found a SpyLoan app on Google Play aimed at Indian consumers, which had about 100,000 downloads before being pulled from the app store.
Predatory loan apps have a simple modus operandi: they advertise themselves as fast, lightweight loan apps that offer quick loans with little to no paperwork. However, when the victim installs the app, it requests excessive permissions: access to messages, call logs, contacts, photos and more.
After the victim takes out a loan, the app demands high interest rates, begins harassing the victim, and threatens to release sensitive photos (sometimes fake, edited photos too).
Bypassing security mechanisms with WebView
In this case, cybersecurity researchers from Cyfirma found an app called Finance Simplified, which allegedly had 100,000 downloads on Google Play before being pulled. The app posed as a financial management application, and although it worked more or less as intended elsewhere in the world, it behaved differently for users located in India.
Before the app was pulled, BleepingComputer managed to read some of the reviews. “Very very bad app they gave low loan amounts and black mail to pay high or photo edited as a naked and black mailing,” read a review. Cyfirma also said the app was advertised as a registered non-banking financial company, which was a direct lie.
Google is usually quite good at detecting malware in its repository, which raises the question: how did Finance Simplified get through? Apparently it loaded a WebView to redirect users to an external site, from which they downloaded a loan app APK hosted on an Amazon EC2 server.
“The Financial Association app seems to target Indian users specifically by displaying and recommending loan applications, loading a WebView showing a loan service that redirects to an external site where a separate loan APK file is downloaded,” Cyfirma said.
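For analysts vetting apps, the delivery path described above (an in-app WebView that redirects until an APK is served from outside the store) can be flagged in dynamic-analysis logs. The following is an added example, not Cyfirma's or Google's tooling; the event field names, the `STORE_HOSTS` allowlist and all hosts in the sample log are assumptions constructed for illustration.

```python
from urllib.parse import urlparse

APK_MIME = "application/vnd.android.package-archive"
STORE_HOSTS = {"play.google.com"}  # assumption: the only trusted install origin

def is_apk_response(ev):
    """True when a logged response looks like an Android package download."""
    path = urlparse(ev["url"]).path.lower()
    ctype = ev.get("content_type", "").split(";")[0].strip().lower()
    disposition = ev.get("content_disposition", "").lower()
    return ctype == APK_MIME or path.endswith(".apk") or ".apk" in disposition

def find_sideload_chains(events):
    """Return one finding per WebView session that ends in an off-store APK."""
    sessions = {}
    for ev in events:  # events are assumed to be in chronological order
        sessions.setdefault(ev["session"], []).append(ev)
    findings = []
    for session, chain in sessions.items():
        for i, ev in enumerate(chain):
            host = urlparse(ev["url"]).hostname or ""
            if is_apk_response(ev) and host not in STORE_HOSTS:
                findings.append({
                    "session": session,
                    "apk_host": host,
                    "hops": [e["url"] for e in chain[: i + 1]],
                })
                break
    return findings

# Constructed sample log (hypothetical hosts under the reserved .test TLD).
SAMPLE_EVENTS = [
    {"session": "s1", "url": "https://loans.example.test/offer", "content_type": "text/html"},
    {"session": "s1", "url": "https://go.example.test/r?id=1", "content_type": "text/html"},
    {"session": "s1", "url": "https://files.example.test/dl/loan.apk", "content_type": APK_MIME},
    {"session": "s2", "url": "https://help.example.test/faq", "content_type": "text/html; charset=utf-8"},
    {"session": "s3", "url": "https://cdn.example.test/get?f=7",
     "content_type": "application/octet-stream",
     "content_disposition": 'attachment; filename="app.apk"'},
]

if __name__ == "__main__":
    for f in find_sideload_chains(SAMPLE_EVENTS):
        print(f["session"], f["apk_host"], " -> ".join(f["hops"]))
```

The third session shows why the URL path alone is not enough: the APK is served with a generic content type and only the `Content-Disposition` filename reveals it.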
After the news broke, a Google spokesman said the app was removed from Google Play, adding that Android users are “automatically protected” from known versions of this malware by Google Play Protect. “Google Play Protect can warn users or block apps known to show malicious behavior even when these apps come from sources outside the game,” the spokesman told BleepingComputer.