- The researchers found an application of predators loans that are hidden as a financial management application
- Android application appeared to attack Indian users exclusively
- He was eliminated from the Play Store store
Cyber security researchers have found a Spyloan application on Google Play aimed at Indian consumers with about 100,000 downloads, before being taken from the App Store.
Predator loan applications have a simple modus operandi: they are announced as rapid and easy loan applications, which offer rapid loans with little or no paperwork. However, when the victim installs the application, it demands excessive permits, accessing the messages of the people and the records of calls, contacts, photos and more.
After taking a loan, the application then asks for high interest rates, begins to harass the victim and threatens to release sensitive photos (sometimes even false and also edited photos).
Avoid security mechanisms with WebView
In this case, Cyfirma cybersecurity researchers found an application called Finance Simplified, which supposedly had 100,000 downloads on Google Play before being shot down. This application pretended to be a financial management application, and although it worked more or less as intended throughout the world, it behaved differently for users located in India.
Before the application was withdrawn, Bleepingcomputer He managed to read some of the reviews. “Very, very bad application, they gave a lower amount to the loan and the black mail to pay high photoes published as a naked and black mail,” reads a review. Cyfirma also said that the application was announced as a registered non -banking financial company, which was a direct lie.
Google is usually quite good to detect malware in its repository, which raises the question: how was finance simplified? Apparently, he carried a WebView to redirect users to an external website, from where they downloaded an APK loan application housed on an EC2 Amazon server.
“The simplified finance application seems specifically to Indian users by showing and recommending loan applications, loading a web view that shows a loan service that redirects an external website where a separate loan APK file is downloaded,” he said Cyfirma.
After the news was learned, a Google spokesman said the application was eliminated from Google Play, and added that Android users are “automatically protected” with known versions of this malware by Google Play Protect. “Google Play Protect can warn users or block applications that are known to exhibit malicious behavior, even when those applications come from sources outside the game,” said the spokesman to Bleepingcomputer.
