App with Over 100,000 Downloads from Google Play Steals User Data and Blackmails

A financial management app named Finance Simplified has been revealed as a malicious tool for stealing sensitive user data and engaging in blackmail.

Despite its fraudulent nature, the app managed to accumulate over 100,000 downloads from the Google Play Store before being removed.

The app is linked to the SpyLoan family, notorious for predatory lending practices and data exploitation.

Malicious Financial App Targets Indian Users

The app initially appeared legitimate, leveraging its presence on the official Google Play Store to gain user trust.

However, researchers found that it redirected users to an external website via a WebView component to download additional malicious components hosted on an Amazon EC2 server.

This tactic allowed it to bypass Google’s security measures, including AI-based threat detection and real-time scanning.

Once installed, Finance Simplified exploited users by offering seemingly attractive loan terms without background checks.

In reality, the app harvested sensitive data such as contact lists, call logs, text messages, photos, and device location.

Victims who defaulted on loan payments were reportedly blackmailed using this stolen information.

Google Play’s Security Measures Evaded

The app specifically targeted users in India, directing them to recommended loan applications and external websites.

Although Google has since removed the app from its platform, it may still be operational on affected devices, silently collecting data in the background.

Experts warn that this stolen information could be sold to other cybercriminals or used for further malicious activities.

Predatory lending apps like those in the SpyLoan family represent a growing cybersecurity threat.

According to Malwarebytes Report, these apps exploit victims by imposing abusive loan terms while simultaneously compromising their privacy and security.

The incident underscores the ongoing cat-and-mouse game between cybercriminals and app store security systems.

Users who suspect their devices have been compromised by such apps are advised to take immediate action:

• Change passwords: Use strong, unique passwords for all accounts.
• Enable two-factor authentication (2FA): Opt for FIDO2-compliant hardware keys for added security.
• Avoid storing card details online: Minimize exposure by manually entering payment information when needed.
• Set up identity monitoring: Monitor for personal data misuse or illegal trading online.

This incident highlights the importance of vigilance when downloading apps, even from trusted sources like Google Play.

Cybersecurity experts recommend thoroughly researching apps and reading user reviews before installation to avoid falling victim to similar schemes.

Collect Threat Intelligence on the Latest Malware and Phishing Attacks with ANY.RUN TI Lookup -> Try for free