
App with over 100,000 downloads from Google Play steals user data and blackmails users

A financial management app named Finances Simplified was uncovered as a malicious tool for stealing sensitive user data and for extortion.

Despite its fraudulent nature, the app managed to collect over 100,000 downloads from the Google Play Store before it was removed.

The app is connected to the SpyLoan family, which is notorious for predatory lending practices and misuse of data.

Malicious financial app targets Indian users

The app initially appeared legitimate and used its presence in the official Google Play Store to gain user trust.

However, researchers found that it redirected users to an external website via a WebView component to download additional malicious components hosted on an Amazon EC2 server.

This tactic enabled it to bypass Google's security measures, including AI-based threat detection and real-time scanning.

Once installed, Finances Simplified lured users by offering apparently attractive loan conditions without background checks.

In reality, the app harvested sensitive data such as contact lists, call logs, text messages, photos and device data.

Victims who were excluded from loans were reportedly blackmailed with this stolen information.

Google Play's security measures bypassed

The app specifically targeted users in India, directing them to recommended loan applications and external websites.

Although Google has since removed the app from its platform, it can still run on affected devices, silently collecting data in the background.

Experts warn that this stolen information could be sold to other cybercriminals or could be used for other malicious activities.

Predatory loan apps such as those in the SpyLoan family are a growing cybersecurity threat.

According to a Malwarebytes report, these apps exploit victims by imposing abusive loan conditions while also compromising their privacy and security.

The incident underlines the ongoing cat-and-mouse game between cybercriminals and app store security systems.

Users who suspect that their devices have been compromised by such apps are advised to take immediate measures:

  • Change passwords: Use strong, unique passwords for all accounts.
  • Enable two-factor authentication (2FA): Opt for FIDO2-compliant hardware keys for additional security.
  • Avoid saving card data online: Minimize exposure by entering payment information manually when needed.
  • Set up identity monitoring: Watch for misuse of personal data or its illegal trade online.

This incident shows how important vigilance is when downloading apps, even from trusted sources like Google Play.

Cybersecurity experts recommend thoroughly researching apps and reading user reviews before installing them to avoid falling victim to similar schemes.
