Nearly 300 mobile-based scam loan apps have been taken off Google Play and App Store after an investigator discovered they were targeting cash-strapped victims in poorer countries.
Cybersecurity firm Lookout notified both platforms of its discovery, which details a wide-ranging cyberattack on victims across Africa and Asia, as well as Latin American countries such as Colombia and Mexico.
“These apps, which were found in Southeast Asian and African countries, as well as India, Colombia, and Mexico, purportedly offer quick, fully-digital loan approvals with reasonable loan terms,” said Lookout. “In reality, they exploit victims’ desire for quick cash to ensnare borrowers into predatory loan contracts and require them to grant access to sensitive information such as contacts and SMS messages.”
The latter types of data were then used in “name and shame” extortion campaigns, which threatened to contact debtors’ family members, to intimidate victims who refused to pay fraudulently high interest fees that had not been specified in the original app agreement.
“In addition to predatory requests for excessive permissions, many of the loan operators display scam-like actions,” said Lookout. “A number of users have reported that their loans come with hidden fees, high interest rates, and repayment terms that are much less favorable than what is posted on the app stores. We also found evidence that the data exfiltrated from devices are sometimes used to pressure for repayment, either by harassing the customers themselves or their contacts.”
Criminals unfazed by bad reviews
As evidence to support its findings, Lookout cited numerous complaints posted on Google Play and App Store by previous victims. One such user said the original 180-day grace period to begin repaying the loan was truncated to just eight, with previously undisclosed heavy interest rates eating away a large chunk of the money lent to them.
Unfortunately, such a public online outing does not seem to have deterred the scammers behind the fraudulent apps.
“Based on the low review scores of most of the apps, the loan operators don't seem to be afraid of getting caught and find the reputation of the individual apps to be disposable,” said Lookout. “This may partially be the result of looser financial regulations or lack of enforcement.”
Lookout said the scam apps gain leverage over their cash-poor victims by refusing to process any loans until all excess permissions are granted. In the case of one of them, the Eastbay loan app ostensibly based in Colombia, the victim had to surrender control over “making and managing” phone calls and SMS, personal contact lists, and access to photos and other digital media on the target device.
“Once the victim’s information is exfiltrated by the app and the loan is distributed, the collector then begins cycles of harassment,” said Lookout. “Sometimes the loan operator would wait until the repayment deadline has passed, but we’ve seen many complaints indicating that harassment occurs before payment is required. This is where the exfiltrated contact information comes in, where anyone – including those that the victim didn’t include in their loan application – would be contacted.”
Lookout reports that after contacting Google Play and App Store, all of the offending apps have been removed. Before that, it said it had detected 251 scam loan apps on the former platform, with another 35 uncovered on the latter that had made the top 100 finance lists in their respective regions.
Preying on the poor
This targeting of poorer victims in countries that may lack robust regulatory oversight lends a darker aspect to an already nefarious brand of online crime.
“All the predatory loan apps were found in developing countries,” said Lookout. “Specifically, we identified apps targeting users in Colombia, India, Indonesia, Kenya, Mexico, Nigeria, the Philippines, Thailand, and Uganda. While we don’t have evidence of where the scam operators reside, it's clear that these regions were identified to be lucrative.”
Nor could Lookout say for sure how many cybercriminals were behind the loan-scam apps, but it added that they were likely to be a diffuse bunch of bad actors, operating on a small scale individually but adding up to a problem of much greater magnitude.
“Based on our analysis, there are likely dozens of independent operators involved, as we only found shared code bases between small batches of apps,” said Lookout. “With that said, all the apps have a very similar business model, which is to trick victims into unfair loan terms and threaten them to pay.”