ESET has dubbed these dangerous apps “SpyLoan,” warning that all the apps “are marketed through social media and SMS messages, and available to download from dedicated scam websites and third-party app stores. All of these apps were also available on Google Play.”
The apps stem from the same source and behave identically once installed, regardless of the store from which they were downloaded. The apps had already targeted multiple countries by the time ESET issued its warning, albeit not yet Europe or the US. But US and European users with contacts in those targeted countries, especially where they use overseas numbers, could be at risk.
The apps are designed to steal sensitive personal information, including account details, messages and contacts. ESET passed details of 18 such apps on the Play Store to Google, with all but one removed. But not before those apps had secured more than 12 million downloads.
If you have any of these 17 apps on your phone (list courtesy of PhoneArena), obviously delete them right away and you would be well advised to change the passcode for your device, your WiFi password and the passwords for your key financial accounts. You should also keep an eye out for suspicious activity, emails or other messages that you receive for some time to come.
AA Kredit
Amor Cash
GuayabaCash
EasyCredit
Cashwow
CrediBus
FlashLoan
PréstamosCrédito
Préstamos De Crédito-YumiCash
Go Crédito
Instantáneo Préstamo
Cartera grande
Rápido Crédito
Finupp Lending
4S Cash
TrueNaira
EasyCash
But these specific 17 apps are not really the issue, but rather just the latest example of sophisticated malware targeting the smartphones that gatekeeper all our lives and access all our critical information and most sensitive information.