Malicious ads with time-limited offers and countdowns have been leveraged by threat actors to lure downloads of the predatory loan apps, which would seek unneeded permissions for SMS, contact, call record, phone storage, calendar, microphone, and camera access, which would then be used for extortion and contact spamming in the event a loan payment is missed.