Downloading apps from Google Play is becoming unsafe for users, especially those who can't tell apps from trusted developers apart from sketchy ones. More than a dozen apps have been found to be used by threat actors to blackmail people for money, particularly those looking for easy loans.
Fake Loan Apps Have Millions of Collective Downloads
It's already concerning enough that there are 18 fraudulent loan apps that can be found on Google's app store, but the situation is worsened by the number of people who have already downloaded them. Overall, reports say the apps have collected 12 million downloads.
The loan apps are advertised as a way to get easy loans. To avoid suspicion, they offer high interest rates in exchange for the convenient service. Unfortunately, these are all ploys to steal user data and use it for threats.
The apps are categorized as "SpyLoan apps," and ESET alerted Google Play about the situation. Research states that in just the first half of 2023, these fraudulent apps have grown by 90%, which can be linked to the growing popularity of fintech apps as well.
They usually pass as legitimate and bypass Google's app requirements by copying the descriptions from real fintech apps. Once the SpyLoan app has been installed, attackers will begin using illegal methods to obtain money.
Users won't even have to apply for a loan before this happens. Some claim that even if they haven't availed of the offer yet or weren't approved for the loan, the attackers would already harass or blackmail the victims and urge them to make payments, as per Gizmodo.
Harassment is mild compared with the extreme cases that others have experienced. In the app reviews, users say that the attackers would even threaten their families if payments were not made. It's possible that the attackers would even know specific details, as personal information is stolen through the app.
Another user shared a screenshot of a text from one of the apps, which stated: "Is the debt you have worth your peace of mind and that of your loved ones? ... Do you really want to put your safety at risk? ... Are you willing to pay the consequences?"
Google already confirmed the cases, saying that they take security claims against apps seriously and that if they find that an app has violated their policies, they take appropriate action. Fortunately, the fraudulent apps have already been taken down by Google.
How to Identify Fake Apps
The best way to avoid these apps is to learn how you can identify them. If you look closely enough, it will be obvious that the apps are not legitimate. The very first thing you can do is check the reviews of the product.
This may not be an option if the app only has a few downloads, but that in itself could already be a sign that it's fake. You can also look for grammar mistakes. As per NordVPN, legitimate app creators make sure that their descriptions have no errors, something threat actors pay little attention to.
App permissions can also tell you if the app has hidden spyware. For instance, simple apps like flashlights might ask for access to your photos or contacts, even though the app has no need for them.