New attack warning hits phone users
A stark new warning has just been issued, as a “a global threat exploiting social engineering” tricks its way onto more than 8 million phones. Beware, if you fall victim it could prove devastatingly expensive. These new attacks “lead to extortion, harassment, and financial loss.”
I’ve warned about the dangers of so-called SpyLoan apps before. Now McAfee’s mobile research team has reported “a significant global increase” in these “predatory loan apps.” Targeting Android users across multiple countries, the researchers warn that these attacks “use social engineering tactics to trick users into providing sensitive information and granting extra mobile app permissions”. All of which is designed to relieve you of your hard-earned cash.
McAfee has identified “fifteen apps with a combined total of over eight million installations.” The apps use a common back-end framework to control installed apps and then exfiltrate data from devices. Unlike many such attacks which take advantage of Android’s sideloading option, these apps were on the platform’s official Play Store. Google has removed some of the apps and the others have been updated any the developers to remove the threat.
SpyLoan apps
The list of 15 apps can be seen above and users should check if they have any installed on their phone and remove them right away. It’s not worth the risk of leaving them unattended.
As McAfee explains, “SpyLoan apps are intrusive financial applications that lure users with promises of quick and flexible loans, often featuring low rates and minimal requirements.” Just as we have seen with this holiday’s season’s surge in dangerous shopping apps and websites, these too good to be true promises are exactly that—too good to be true. They also create a sense of urgency with time-limited offers designed to prey on the most vulnerable. Don’t take the bait. “Ultimately, rather than providing genuine financial assistance, these apps can lead users into a cycle of debt and privacy violations.”
These apps operate in a grey area of permission abuse and malicious business practices rather than actual malware, and so can often trick their way onto official stores. “Despite violating policies, these apps often slip through app store vetting processes and are available on platforms like Google Play, making them appear trustworthy.” Google’s advice is always to ensure you have Play Protect enabled, which will flag apps as soon as they are brought to the company’s attention.
But that will be too late for those falling victim. And so you should simply avoid installing any such apps based on these marketing promises. Not unless you can absolutely vouch for the integrity of the firm and that the app is genuine and not a faked copy of the brand.
According to ESET, since early 2023 “researchers have observed an alarming growth of deceptive Android loan apps, which present themselves as legitimate personal loan services, promising quick and easy access to funds.”
Google has issued guidance for Android users to check whether their devices might be compromised; here are the device “symptoms you can check for:
Device Symptoms:
- Alerts about a virus or an infected device
- Anti-virus software you use no longer works or runs
- A significant decrease in your device’s operating speed
- A significant, unexpected decrease in storage space on your device
- Your device stops working properly or working altogether
Browser symptoms:
- Alerts about a virus or an infected device
- Pop-up ads and new tabs that won’t go away
- Unwanted Chrome extensions or toolbars keep coming back
- Your browsing seems out of your control, and redirects to unfamiliar pages or ads
- Your Chrome homepage or search engine keeps changing without your permission
Other symptoms:
- Your contacts have received emails or social media messages from you, but you didn’t send the emails or messages.
If you see any of these symptoms on your device, then Google’s advice is as follows:
- Make sure Google Play Protect is turned on
- Check for Android device & security updates
- Get the latest Android updates available for you
- Get security updates & Google Play system updates
- Remove untrusted apps (meaning from outside Play Store or no longer on Play Store)
- Do a Security Checkup
