Advisory ID: ngCERT-2023-0041
Summary: According to a recent research, the year 2023 has witnessed an alarming increase in the activities of deceptive Android loan apps, that promote themselves as reputable personal loan services, promising quick and easy access to funds. These apps allegedly defraud users by presenting them with enticing loan offers backed up by false claims, while exfiltrating its victims' financial and personal data, which is then used to blackmail and steal their funds. Consequently, android app users are advised to take necessary precautions against the activities of these loan shark apps.
Threat Type(s): Malware
Damage/Probability: HIGH/HIGH
Description: These malicious SpyLoan apps impersonate reputable loan providers and financial services, as well as promote the same through SMS messages and popular social media channels, as a means to lure victims who are in need of financial assistance. Also, it is important to note that these apps are available to download from dedicated scam websites and third-party app stores, and sometimes on Google Play. Once a user installs the app, they are prompted to accept the terms of service and grant extensive permissions to access sensitive data stored on the device, such as list of accounts, call logs, calendar events, device information, lists of installed apps, local Wi-Fi network information, contact lists, location data, and SMS messages.
Subsequently, the app requests for user registration, which is typically accomplished through SMS one-time password verification to validate the victim’s phone number. Furthermore, the users are compelled to complete the loan application process, by providing extensive personal information, including address details, contact information, proof of income, bank account details, Bank Verification Number (BVN), photos identification cards, National Identification Number (NIN) as well as a selfies. These exfiltrated and acquired data are forwarded to the attackers’ servers, and are used to either harass or blackmail users, even if a loan was not provided. The data can also be sold or used to conduct other malicious activities against their targets.
Consequences: Subscribing to the services of Loan Shark Android Apps can result to the following:
- Data exfiltration.
- Damage to reputation.
- Financial losses.
- Identity theft.
- Impersonation of victims
- Hacking of mobiles devices.
- Possible installation of malicious software.
Solution: The following are recommended
- Avoid the installation of loan apps from unofficial sources and third-party app stores.
- Validate the authenticity of financial apps before patronizing them.
- Seek the services of legitimate and financial service providers.
- Report identified or known incidents involving loan sharks.
References: