Reaction score
ESET has identified a deceptive campaign on Google Play.

Researchers from the Slovak company ESET have discovered 18 malicious loan applications within the Google Play store. These programs have amassed over 12 million downloads, targeting users in Southeast Asia, Africa, and Latin America with high-interest loans. The developers, operating under the collective name SpyLoan, aim to exploit personal and financial data for blackmail, fund embezzlement, and surveillance.

The attackers employ tactics such as falsifying privacy policies to justify requesting access to media files, cameras, contacts, call history, SMS, and calendars.

The following is the complete list of identified apps that have been removed from Google Play:

  • AA Kredit: Instant Loan App
  • Amor Cash: Loans Without Bureau
  • Oro Préstamo — Fast Cash
  • Cashwow
  • CrediBus Credit Loans
  • ยืมด้วยความมั่นใจ — Urgent Loans
  • PréstamosCrédito — GuayabaCash
  • Préstamos De Crédito-YumiCash
  • Go Crédito — Trustworthy
  • Instantáneo Préstamo
  • Cartera grande
  • Rápido Crédito
  • Finupp Lending
  • 4S Cash
  • TrueNaira — Online Loan
  • EasyCash
  • สินเชื่อปลอดภัย — Convenient Loans
Experts highlight SMS messages and social networks as the primary distribution channels for these programs, which can also be downloaded from fraudulent websites and unofficial Android apps.

Lukasz Stefanko, an ESET expert, explained, "None of these services allow you to request a loan through a website," emphasizing that criminals cannot access users' confidential data through a browser, which is crucial for their subsequent blackmail and extortion schemes.

The SpyLoan campaign has been active since 2020. To enhance user protection, experts recommend downloading programs exclusively from trusted official sources and carefully reviewing reviews and requested permissions before installation.