Researchers have noticed an increase in fraudulent Android loan applications that present themselves as legitimate services. They offer high-interest loans to users, while collecting their victims’ personal and financial data in order to blackmail them. This was pointed out by the security company Eset.
“It is very important that users exercise caution, verify the authenticity of any financial application or service, and rely on trusted sources. By remaining informed and vigilant, users can better protect themselves from falling victim to such fraudulent schemes,” said company researcher Lukáš Štefanko.
The company said that after installing the app, the user is prompted to accept the terms of service and grant broad permissions to access sensitive data stored on the device as well as extensive personal data. According to the personal data protection policy of these applications, if permission is not granted, the loan will not be provided.
Data that is typically exfiltrated to the control server includes a list of user accounts, call logs, calendar events, device information, lists of installed applications, local Wi-Fi network information, and even information about files on the device. Contact lists, location data and SMS messages are also at risk.
“It doesn’t matter if the app was downloaded from a suspicious website, a third-party app store, or even Google Play. App users will encounter the same features and face the same risks regardless of where they got the app from,” the security company said.
According to its telemetry data, the attackers, who blackmail and harass their victims, including with death threats, operate especially in Mexico, Indonesia, Thailand, Vietnam, India, Pakistan, Colombia, Peru, Philippines, Egypt, Kenya, Nigeria and Singapore.
“There are several reasons behind the rapid growth of these applications. One of them is that the developers of these applications are inspired by successful FinTech services that use technology to provide simplified and user-friendly financial services,” Štefanko concluded.