Android device owners downloaded malicious loan apps from the Google Play Store 12 million times since 2020, according to a report from ESET Research Tuesday. The report identified 18 fraudulent apps that market themselves as offering quick and easy high-interest loans. In actuality, the apps steal victims’ personal and financial information to blackmail users, sometimes threatening their families, and stealing their money.
ESET classifies these bad actors as “SpyLoan apps” because they utilize spyware. Google has reportedly removed the identified SpyLoan apps from the Google Play store since ESET alerted them. Research shows SpyLoan apps have grown by 90% in the first half of 2023, largely targeting users outside of the U.S. and Europe. The fraudulent apps occasionally impersonate the names and branding of loan providers and financial institutions.
Google did not respond to Gizmodo’s request for comment.
After a SpyLoan app is installed, the attackers harass and blackmail victims into making payments, even if the user didn’t apply for a loan or wasn’t approved. Several users left negative reviews, noting the apps often don’t ever send out loans and harass users to no end. In extreme cases, users say the app’s enforcers threatened the safety of their families.
One user shared a screenshot from one of the SpyLoan apps texting them, “Is the debt you have worth your peace of mind and that of your loved ones? … Do you really want to put your safety at risk? … Are you willing to pay the consequences?”
SpyLoan apps often impersonate legitimate fintech apps, which have grown in popularity recently by offering highly accessible financial services to people who typically can’t access them. They bypass Google Play’s app requirements by copying the app descriptions of other fintech apps.
ESET reports users from countries such as Mexico, Indonesia, Thailand, Vietnam, India, Pakistan, Colombia and Peru were victims of the SpyLoan apps.