'SpyLend' Android malware tricked 100,000 users into downloading it

You would think that with all the fuss companies like Google and Apple make about third-party app stores, their own app stores would be risk-free, right? Unfortunately, that couldn’t be further from the truth. A recent security report by CYFIRMA describes a new Android malware called SpyLend that has infected at least 100,000 devices to date.

What is SpyLend?

According to CYFIRMA, the SpyLend Android malware is part of a group of malicious Android apps called “SpyLoan.” These apps are designed to look like financial tools or even loan services. They entice those desperate for money who might not qualify for loans from more legitimate organizations, such as banks.

The developers of these apps try to lure users by promising quick and easy loans, sometimes requiring little to no documentation. Sounds too good to be true? It is, which is all the more reason not to trust them. However, we can’t blame users for falling for it, especially if they desperately need money.

Once you install the app, it typically demands numerous permissions that a financial app wouldn’t generally require. The app collects your data and then uses it against you for extortion or blackmail if you fail to repay the loan. It acts like a cyber loan shark.

How did it slip past Google?

To make matters worse, the app seems to have slipped past Google’s so-called extensive reviews. The app was calling itself “Finance Simplified” on the Play Store. It saw a surge in downloads from 50,000 to 100,000 within a single week. This is despite the various negative reviews where users complained about harassment and blackmail.

Such an app would have raised a ton of red flags. However, it managed to escape detection on Google Play. It did so by loading a WebView and redirecting users to an external site. That website then prompts users to download the loan app as an APK. This means that the app itself isn’t malicious per se; rather, its actions are.

Thankfully, the app is no longer on the Play Store. However, it can probably still run in the background if you’ve installed it already. In a statement sent to Bleeping Computer, a Google spokesperson said, “The app has been removed from Google Play. Android users are automatically protected against known versions of this malware by Google Play Protect, which is on by default on Android devices with Google Play Services. Google Play Protect can warn users or block apps known to exhibit malicious behavior, even when those apps come from sources outside of Play.”

In the meantime, if you have installed the app, delete it immediately. Be sure to reset all your permissions, scan your device for additional malware, and change the passwords to your banking apps.
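The two traits described above, an APK installed from outside Google Play and permissions a financial app wouldn't generally require, can be checked together when reviewing a device. The following is an added example, not code from CYFIRMA or Google; the permission list, the threshold, the package names and the sample text (modelled on `adb shell pm list packages -i` and `adb shell dumpsys package <pkg>` output) are assumptions constructed for illustration.

```python
import re

# Assumption: permissions a lending app rarely needs; the article does not list them.
SENSITIVE = {
    "android.permission.READ_CONTACTS",
    "android.permission.READ_SMS",
    "android.permission.READ_CALL_LOG",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.CAMERA",
}
PLAY_INSTALLER = "com.android.vending"  # installer name recorded for Google Play

def parse_installers(listing):
    """Map package name -> installer from `pm list packages -i` style lines."""
    found = {}
    for line in listing.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            found[m.group(1)] = m.group(2)
    return found

def granted_permissions(dump):
    """Collect permissions marked granted=true in `dumpsys package` style text."""
    return set(re.findall(r"^\s*([\w.]+): granted=true", dump, re.M))

def triage(listing, dumps, threshold=3):
    """Flag packages not installed by Play that hold >= threshold sensitive permissions."""
    findings = []
    for pkg, installer in parse_installers(listing).items():
        if installer == PLAY_INSTALLER:
            continue  # this check targets the sideloaded APK, not the Play listing
        hits = sorted(granted_permissions(dumps.get(pkg, "")) & SENSITIVE)
        if len(hits) >= threshold:
            findings.append((pkg, installer, hits))
    return findings

# Constructed sample data (hypothetical package names).
P = "android.permission."
SAMPLE_LISTING = """package:com.example.bank  installer=com.android.vending
package:com.example.quickloan  installer=null
package:com.example.notes  installer=com.google.android.packageinstaller"""
THREE = "".join(f"  {P}{n}: granted=true, flags=[ USER_SET ]\n"
                for n in ("READ_CONTACTS", "READ_SMS", "READ_CALL_LOG"))
SAMPLE_DUMPS = {
    "com.example.bank": THREE,  # installed by Play, so skipped by this check
    "com.example.quickloan": THREE + f"  {P}CAMERA: granted=false, flags=[ USER_SET ]\n",
    "com.example.notes": f"  {P}CAMERA: granted=true, flags=[ USER_SET ]\n",
}

if __name__ == "__main__":
    for pkg, installer, hits in triage(SAMPLE_LISTING, SAMPLE_DUMPS):
        print(f"{pkg} (installer={installer}): {', '.join(hits)}")
```

A flagged package is a candidate for manual review and removal, not proof of malware; legitimate sideloaded apps can also hold these permissions.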