BleepingComputer reports that more than 12 million Android devices have collectively downloaded 18 malicious loan apps dubbed "SpyLoan," which could exfiltrate not only call logs, local Wi-Fi network information, and image metadata but also text messages, location information, and contact lists.
While SpyLoan apps initially emerged in 2020, detections have risen since the beginning of 2022, especially in Mexico, India, and Thailand, according to a report from ESET.
Researchers noted that the apps adhered to Google's Financial Services policy but sought permissions beyond those needed under Know Your Customer (KYC) standards: the apps were found to require camera permissions to enable photo uploads for KYC, as well as calendar access permissions.
"We believe the real purpose of these permissions is to spy on the users of these apps and harass and blackmail them and their contacts," said ESET researchers.
Google has already removed all but one of the apps, while the remaining app was given a new set of permissions that no longer made it a SpyLoan threat.
Malicious SpyLoan apps gain traction on Android