Predator app has downloaded 100,000 times from Google Play Store steals, used for blackmail

A malicious app that claims to be a financial management tool was downloaded 100,000 times from the Google Play Store. The app – known as “simplified” – to the Spyloan family, which specializes in predatory loans.

Sometimes malware manufacturers manage to list their apps in the official App Store. This is a great advantage for you because you give the app a feeling of legitimacy and the users do not have to convince to load the app from an unofficial website.

There is a much larger audience to you, you can rely on the trust in which we invest in the official app stores, and users have to do nothing that you may find suspicious.

While Google has improved the security measures-the recognition of AI-powered threats and real-time scans, which are more effective to identify and block malicious apps, the cat and mouse game between cyber criminals and safety measures is continued with each page, whereby all sides are continued be constructed with each side. Try to outsmart the other.

In this case, the loan app discovered the detection on Google Play by inviting a webview to transfer users to an external website from which they were able to download the app hosted on an Amazon EC2 server.

Rauba loan is all lending practice in which the borrower is exploited by the lender. Robbering born give credit conditions that are unfair or abusive.

The apps in the Spyloan family offer attractive loan conditions with practically without background tests. However, if the apps are installed, steal information from the victim's device with which the victim can be blackmailed. Especially if you miss payments for the loan.

The stolen information includes listed contacts, call protocols, text messages, photos and the location of the device.

Although the app has now been removed from Google Play, it can continue to be carried out on affected devices, whereby sensitive information is collected in the background.

The researchers found that the app only aims on users in India with the recommended loan applications and the detour to an external website.

The information stolen by users could be used for malicious purposes or sold to other cybercriminals.

The loss of data in connection with a financial account can have serious consequences. If you find an app of this family or other information stealing on your device, some guidelines have to follow to limit the damage:

• Change your password. You can make a stolen password for thieves useless by changing it. Choose a strong password you use for nothing else. Let a password manager select one more for you.
• Activate the two-factor authentication (2FA). If you can, use a FIDO2-compliant hardware key, a laptop or a phone as a second factor. Some forms of two-factor authentication (2FA) can be set as easily as a password. 2FA that is dependent on a FIDO2 device cannot be caught.
• Consider not saving your card data. In any case, it is more convenient to get websites to remember your card data for you, but we strongly recommend not to save this information on websites.
• Set up identity monitoring. The identity monitoring notifies you when your personal data is illegally traded online and helps you to recover.

We don't just get in touch with the telephone security – we put it on

Cyber ​​security risks should never spread beyond a heading. Keep the threats from your mobile devices by downloading Malwarebytes for iOS and Malwarebytes for Android today.