Google has banned 18 apps from its Android app store after researchers uncovered a network of software being used to harass and blackmail people. Until they were recently banned, several apps claiming they could pay out legitimate loans were downloaded 12 million times – but users found they had an awfully sinister side to them.
Cybersecurity firm ESET published research that identified the apps, which were available on the Google Play Store and the Apple App Store that appeared to offer financial loans. During set up, they ask you for personal information including bank account information and proof of income, with the promise of an immediate loan.
But the apps were a front for blackmail and harassment, as ESET found scores of users who never received any money, and instead were subjected to aggressive messages demanding repayment for loans they claimed to never have received. ESET refers to this type of app as ‘SpyLoan’.
“SpyLoan apps pose a significant threat by stealthily extracting a wide range of personal information from unsuspecting users,” Lukas Stefanko, malware analyst at ESET said.
“None of these services provide an option to request a loan using a website, since through a browser the extortionists can’t access all sensitive user data that is stored on a smartphone and is needed for blackmailing.”
Our smartphones hold personal information on us, which the research found the SpyLoan apps could easily get access to and then use as ways to blackmail people who were in need of financial assistance, but who had also received none. The good news for UK smartphone owners is that no activity of this particular set of apps has been seen in the UK or Europe, with most victims located in Mexico, Indonesia, Thailand, Vietnam, India, Pakistan, Colombia, Peru, the Philippines, Egypt, Kenya, Nigeria, and Singapore.
But the global nature of apps means it’s important to be vigilant about what apps you download and what personal information you agree to share with them. Because these apps were in the Google Play Store and had managed to get around Google’s privacy checks they appeared legitimate, which contributed to their success in gaining people’s data.
The research found some of the apps had even set up fake websites to appear more trustworthy, and had stolen names and pictures of senior executives and made up open job vacancies.
“It is crucial for individuals to exercise caution, validate the authenticity of any financial app or service, and rely on trusted sources,” Stefanko said. “By staying informed and vigilant, users can better protect themselves from falling victim to such deceptive schemes.”