More malware on Play Store
SpyLoan, a family of malicious, malware-laced apps, continues to plague Android. And despite the raft of alerts, those apps still find their way onto Play Store. The latest report warns that downloads of the newest member of the SpyLoan family are surging, “increasing from 50,000 to 100,000 within a single week.”
That news comes courtesy of Cyfirma, which has outed the SpyLend app, which has been crafted to “enable malicious actors to engage in predatory lending, blackmail, and extortion.” The app has started its journey in India, but history tells us it will spread or find itself cloned quickly to target more geographies.
The researchers say that the app comes “disguised as ‘Finance Simplified (package: com.someca.count),’ illicitly serving as a gateway to predatory loan applications.” It evades Play Store security by linking to apps outside the store, thus bypassing scans that would flag up the malware. This is exactly why Google’s new on-device scanning is so critical, to ensure apps can be flagged when they exhibit dangerous behaviors.
The other recent Google change that now comes into play (no pun intended) is Play Store’s quality warnings, which focus on poor reviews and uninstalls amongst other things. “Numerous user reviews highlight complaints about blackmailing, harassment, and the misuse of personal data, including editing photos to create fake nude images.”
There is also the sideloading aspect to this attack, which will become harder as Google, Samsung and others clamp down on unrestricted app installs. The way in which SpyLend has been set up is a clear illustration of why those restrictions are needed. If you do find yourself infected, the loan apps “harvest sensitive user data, enforce exploitative lending practices, and employ blackmail tactics to extort money.”
As ever, the specifics of the app and the campaign are less important than the advice as to how you stay safe. In this instance it’s straightforward. Do not install apps with poor reviews from unknown developers, especially when it’s as sensitive as a finance app. Ensure Play Protect is enabled. Keep your OS updated. And never allow any Play Store app to install software/apps from outside the store.
Google told me “the app has been removed from Google Play. Android users are automatically protected against known versions of this malware by Google Play Protect, which is on by default on Android devices with Google Play Services. Google Play Protect can warn users or block apps known to exhibit malicious behavior, even when those apps come from sources outside of Play.”