Malicious Loan Apps on Google Play Store Used to Blackmail and Extort Users

HomeFeatureMalicious Loan Apps on Google Play Store Used to Blackmail and Extort Users


  • ESET exposes 18 malicious loan apps on Google Play Store targeting Android users.

  • Apps trick users into giving sensitive data, leading to extortion and blackmail.

  • Violations include short repayment terms and high interest, defying Google’s policies.

  • 17 apps removed post-ESET alert, one remains in a new version.

Blackmail and online fraud go hand and hand these days, this is doubly true when you are downloading unverified apps.

In a startling revelation, security experts at ESET have found out a series of malicious loan applications on the Google Play Store, posing a significant risk to Android smartphone users.

These apps, collectively referred to as ‘SpyLoan’ malware, have been downloaded millions of times, targeting unsuspecting users primarily in Africa, Latin America, and Southeast Asia.

The crux of this scam lies in how deceptive these apps can be, such as 4S Cash, AA Kredit, and Go Crédito, among others.

Google has removed 17 out of the 18 SpyLoan apps from the Play Store
Google has removed 17 out of the 18 SpyLoan apps from the Play Store

These apps lure users with the promise of quick and easy loans, complete with attractive interfaces and false assurances of low-interest rates.

However, the reality is far more sinister.

Once installed, these apps demand extensive permissions, granting them access to sensitive personal data including camera, contacts, messages, call logs, images, Wi-Fi network details, and calendar information.

This data is then secretly transmitted to remote servers controlled by the operators behind these apps.

These predatory lending applications go beyond mere data collection.

Users are enticed to take loans which are then used as leverage for extortion and blackmail.

The repayment terms are aggressively short, often just a few days, in clear violation of Google’s Financial Services policy that mandates a minimum loan tenure of 60 days.

For instance, one user reported being forced to repay 450 pesos with an interest of 549 pesos, totaling 999 pesos – a steep price for a short-term loan.

SpyLoan apps attempting to access a user's personal information
SpyLoan apps attempting to access a user’s personal information

The method of operation of these apps is cunningly crafted.

To gain legitimacy, they complete the required documentation and Know Your Customer (KYC) identification for publishing on the Play Store.

Moreover, they link to official-looking websites filled with fake information, including stock images posing as employee photos, to further deceive users.

The situation is alarming, as 17 of these 18 apps were removed by Google only after ESET’s notification, with one still available in a new version on the store.

The existence of such apps raises serious concerns about the safety measures and vetting processes in place on platforms like the Google Play Store.

The last app is still available on the app store as a new version of the app was published to the Play Store and it does not offer the same functionality or feature the same permissions.

The list of apps detected by ESET include 4S Cash, AA Kredit, Amor Cash, Cartera grande, Cashwow, CrediBus, EasyCash, EasyCredit, Finupp Lending, FlashLoan, Go Crédito, GuayabaCash, Instantáneo Préstamo, Préstamos De Crédito-YumiCash, PréstamosCrédito, Rápido Crédito, TrueNaira.

While these apps have been removed from the Play Store, they will remain on the devices of users who have these apps installed until they manually remove them.

If you have any of these apps installed on your smartphone, you should uninstall them right away.


What are the malicious loan apps identified by ESET on the Google Play Store?

ESET identified 18 malicious loan apps on Google Play Store, designed to exploit Android users’ personal data for blackmail and extortion.

How do these malicious loan apps on Google Play Store endanger users?

These apps deceive users into granting access to sensitive information like contacts and photos, which is then used for extortion.

What actions have been taken against the malicious loan apps on Google Play Store?

Following ESET’s notification, Google removed 17 of the 18 identified malicious apps, with one still available in a revised form.

What should Android users be cautious of with loan apps on the Google Play Store?

Users should be wary of apps demanding excessive permissions and offering unrealistic loan terms, as these could be malicious.

What has google response been on the ongoing challenge of malware ?

Google has expressed its commitment to shielding users from predatory apps and highlighted its removal of over 200 SpyLoan apps from the Play Store in the past year.
However, the company acknowledges the persisting challenge and the need for users to remain vigilant.

Google urges users to exercise caution, conduct thorough research before downloading financial apps, review app permissions, check developer information, use reputable sources like official app stores, and stay informed about the latest security threats.

What are the consequences of the fake Bard AI malware?

The fake Bard AI malware enables attackers to hijack social media login credentials, posing a significant threat to individual privacy and security.

The malware primarily targets social media users, small businesses, and Facebook advertisers, gaining unauthorized access to their accounts.

How has Google responded to the Bard AI malware scam?

In response to the fake Bard AI malware scam, Google has filed nearly 300 takedown requests and initiated legal action.

This lawsuit aims to disrupt the tools used by scammers, establish a legal precedent, and raise the consequences for such malicious activities.

What was the main finding of the Kaspersky report on Google Play Store?

Kaspersky’s report revealed that users downloaded over 600 million malware-infected apps from the Google Play Store in 2023.

These apps included those with mini-game ads and Minecraft clones that harboured hidden adware, posing significant security risks to users.

What type of malware was most commonly found in these apps?

The report identified the SpinOk malware in more than 100 apps, primarily featuring in-app mini-games that promised rewards.

This malware was used to collect user data covertly. Additionally, many apps were found to be infected with hidden adware and the Fleckpe subscription Trojan.

How did the Fleckpe subscription Trojan affect users?

The Fleckpe subscription Trojan, found in several Play Store apps, installed a malicious payload on users’ devices.

It collected information like the user’s country and mobile operator, then opened web pages with paid subscriptions, unknowingly subscribing users to these services

Also Read: Kaspersky Report Highlights Over 600 Million Malware Downloads from Google Play Store

Also Read: Supreme Court Tech Committee Finds Malware, Pegasus Spyware Suspected

Also Read: SpyNote Malware Targets Android Users By Recording Your Calls, Taking Screenshots

Latest Articles