Malicious banking apps on Google Play and App Store

Security firm Lookout, Inc. today announced the discovery of nearly 300 bank loan applications exhibiting malicious behavior, such as the exfiltration of user data from mobile devices and the harassment of borrowers for repayment.

These applications have been detected in Africa and Southeast Asia, as well as in India, Colombia and Mexico. They are supposed to offer fast, fully online loan approvals with reasonable loan terms. In reality, they exploit victims’ desire for quick cash to attempt to trick them into abusive loan deals by asking them to allow access to sensitive information on their device, such as contacts, call history and text messages – information that would not be required in a traditional loan application process.

In addition to excessive permission requests, many lenders engage in scam-like behavior. Victims have reported that their loans come with hidden fees, high interest rates, and repayment terms far less favorable than those displayed on app stores.

Lookout Threat Lab also found evidence that data exfiltrated from devices was sometimes used to pressure the customer into repayment, a common threat tactic being to disclose a borrower’s debt or other personal information to their contact network.

In total, Lookout researchers discovered 251 Android apps on the Google Play Store with over 15 million downloads in all. The team also identified 35 apps on Apple’s App Store that were in the regional top 100 financial apps. Lookout has been in contact with Google and Apple about these apps and as of today none of them are available for download.

“Mobile apps have made managing our lives much easier and are a convenient way to interact with businesses such as financial institutions. However, when trusting an app with sensitive personal information, it is extremely important to consider whether the requested information makes sense and whether the company behind the app is a trusted entity,” said Ruohan Xiong, Senior Security Intelligence Researcher at Lookout. “As these malicious lending apps have demonstrated, app permissions can easily be abused if users are not careful.

“Although there are probably dozens of independent operators involved, all of these bank loan apps have a very similar business model: trick victims into agreeing to falsified loan terms and then extort payment from them.”

Lookout Mobile Endpoint Security and Lookout Personal Digital Safety customers are protected against these threats. Although these apps have been taken offline, Lookout advises consumers to exercise caution when engaging with online businesses, including financial institutions.
