- Researchers have found a predatory loans application hiding as a financial management application
- The Android application has been seen to exclusively target Indian users
- It was removed from the Play Store
Cybersecurity researchers found a Spyloan application in Google Play targeting Indian consumers with some 100,000 downloads, before being removed from the App Store.
Predatory loans applications have a simple opera modus: they announce quick and easy loan applications, offering quick loans with little or no paperwork. However, when the victim installs the application, she requests excessive authorizations, accessing people and call newspapers, contacts, photos and more.
After taking a loan, the application then requires high interest rates, begins to harass the victim and threatens to publish sensitive photos (sometimes even false photos published also).
Go around safety mechanisms with WebView
In this case, cybersecurity researchers from Cyfirma have found an application called Simplified Finance, which would have had 100,000 downloads on Google Play before being lowered. This application pretended to be a financial management application, and although it worked more or less as planned in the world, it behaved differently for users located in India.
Before the application is drawn, Bleeping Compompute managed to read some of the criticisms. “Very very very bad application, they gave the amount of the low loan and the black mail to pay for otherwise modified photos as a nude ND Black Mailing,” said a review. Cyfirma also said that the application had been announced as a registered non -banking financial company, which was a pure and simple lie.
Google is generally good enough to identify malware in its repository, which raises the question – how is it simplified? Apparently, he loaded a web view to redirect users to an external website, from where they downloaded an APK loan application hosted on an Amazon EC2 server.
“The Finance Simplified Application seems to target Indian users specifically by displaying and recommending loan requests, loading a view on the web which shows a loan service that redirects to an external website where a separate loan APK file is Downloaded, “said Cyfirma.
After the announcement of the news, a google spokesperson said that the application had been deleted from Google Play and added that Android users were “automatically protected” against the known versions of this malicious software by Google Play Protect. “Google Play Protect can warn users or block known applications to present malicious behavior, even when these applications come from sources outside the game,” said the spokesperson Bleeping Compompute.
