Malicious SpyLoan apps gain traction on Android

BleepingComputer reports that more than 12 million Android devices have collectively downloaded 18 malicious loan apps dubbed "SpyLoan," which could exfiltrate not only call logs, local Wi-Fi network information, and image metadata but also text messages, location information, and contact lists. While SpyLoan apps initially emerged in 2020, detections have risen since the beginning of 2022, especially in Mexico, India, and Thailand, according to a report from ESET. Such apps were noted by researchers to adhere to the Financial Services policy of Google but sought permissions beyond those needed under Know Your Customer standards, with the apps discovered to require camera permissions to enable photo data uploading for KYC, as well as calendar access permissions. "We believe the real purpose of these permissions is to spy on the users of these apps and harass and blackmail them and their contacts," said ESET researchers. All but one of the apps have already been removed by Google while the remaining app was already given a new set of permissions that no longer made it a SpyLoan threat.