A new application disguised as malware has been making rounds in the Google Play Store, being downloaded over 100,000 times in less than 2 weeks. Researchers at Cyfirma have analyzed this new “SpyLend” malware, part of the SpyLoan group of applications which are disguised as applications for financial services such as management or lending targeting unsuspecting users.
It was branded as a finance management application, including calculators for EMI (equated monthly installments), tax and rounding functionalities. But deeper analysis by researched showed the hidden practices within the app. Information such as location and device information was automatically gathered, and depending on your location, was previewing loan applications or other predatory lending practices.
Other reviews showed data gathering and exfiltration, displaying custom web apps within the app avoiding Play Store security checks, and redirecting users to install apps outside of the Play Store.
As of now, the app which was branded as “Finance Simplified” has been removed from the Play Store.
Cyfirma’s analysis thoroughly reviewed the backend malicious activity occuring. Check out their entire review and analysis on their report.
Prechecks When Downloading Apps
While application stores like the Google Play Store and device manufacturers offer some type of security when installing applications, malware can still infiltrate from trusted sources. Review permissions granted when using the app (for example, Location for a Weather app would be fine but maybe not Contacts for a game unless you’re sharing within
And also review an app’s Data Safety section within the Play Store (usually right above the Reviews).
Leave a Reply