Android phones under attack from malicious apps with over 8 million installs — delete these now

Green skull on smartphone screen.
(Image credit: Shutterstock)

Even if you know better, it’s easy to get wrapped up in the idea of quick, hassle-free cash delivered instantly to your smartphone. In fact, the appeal is so strong that scammers are now using this idea as a lure in a new predatory loan app campaign.

According to a new blog post from McAfee, the cybersecurity firm’s researchers have identified 15 apps with a combined 8 million installations that are stealing personal and financial data from their victims. The apps in question were found on the Google Play Store and other official app stores which makes them particularly dangerous since they’re being distributed through official channels on a global level.

To get unsuspecting users to download them, these malicious apps use names, logos and designs that are very similar to official financial apps. They’re also promoted through fake ads on social media sites.

Here’s everything you need to know about these 15 new SpyLoan apps and how you can avoid falling victim to them and similar scams online.

Delete these apps right now

When you take a look at the list of predatory loan apps below, you’ll see that most of them are being used to target Android users in South America, Southern Asia and Africa. Still, scammers could easily create a similar malicious app to target users in the U.S. and find a way to get it listed on an official app store.

If you have any of these apps installed, it’s highly recommended that you manually delete it from your phone. While Google Play Protect and the best Android antivirus apps can catch malicious apps spreading malware, apps like these can be harder to detect since their malicious activity is usually handled outside the app itself.

Here’s the full list of all 15 recently discovered SpyLoan apps along with how many times they’ve each been downloaded:

Swipe to scroll horizontally
App nameDownloads
Préstamo Seguro-Rápido, Seguro1 million
Préstamo Rápido-Credit Easy1 million
Get Baht Easily - Quick Loan (ได้บาทง่ายๆ-สินเชื่อด่วน)1 million
RupiahKilat-Dana cair1 million
Borrow Happil - Loan (ยืมอย่างมีความสุข – เงินกู้)1 million
Happy Money (เงินมีความสุข – สินเชื่อด่วน)1 million
KreditKu-Uang Online500 thousand
Dana Kilat-Pinjaman kecil500 thousand
Cash Loan-Vay tiền100 thousand
RapidFinance100 thousand
PrêtPourVous100 thousand
Huayna Money – Préstamo Rápido100 thousand
IPréstamos: Rápido Crédito100 thousand
ConseguirSol-Dinero Rápido100 thousand
ÉcoPrêt Prêt En Ligne100 thousand

SpyLoan apps hiding in plain sight

A picture showing the Google Play Store app icon on a smartphone

(Image credit: Shutterstock)

SpyLoan apps like the ones listed above use the promise of quick and flexible loans — often with low rates and minimal requirements — to trick unsuspecting users into downloading them and filling out their personal and financial information.

Instead, they’re primarily designed to collect as much personal information as possible on potential victims. From there, the scammers behind the apps use this info to harass and extort users into paying incredibly high and predatory interest rates on what little money they do receive.

The predatory loan apps I’ve covered in the past often gave victims some but not all of the money they were approved for. They then had a very short amount of time to repay their loan in full before constantly badgered with harassing messages and phone calls.

In its blog post, McAfee’s researchers point out that most SpyLoan apps have the same or a similar onboarding process in which victims are presented with a list of nearly identical privacy terms to which they have to agree in order to proceed. These terms describe and justify why so much sensitive data has to be collected by the app. However, no bank would require this much data or these kinds of sensitive permissions on one of the best Android phones.

It’s worth noting that many of these 15 SpyLoan apps share the same command and control (C2) infrastructure for data exfiltration. As such, it’s highly likely that the same developer or group of cybercriminals is behind all of them.

Besides hidden fees and high interest rates, installing one of these SpyLoan apps could also lead to unauthorized charges on your financial accounts. Likewise, your personal information could be sold to third parties or even used for blackmail purposes if you don’t repay your loan as quickly as the scammers want you to. At the end of its blog post, McAFee shares some of the experiences that victims had to deal with. From threatening calls and death threats to their friends and family being sent harassing messages, the scammers behind these predatory loan apps will go to extreme lengths.

How to stay safe from dangerous apps

A hand holding a phone securely logging in

(Image credit: Google)

If an app or what it offers seems too good to be true, steer clear and avoid downloading it altogether. However, if you are curious, there are a few dead giveaways that an app might be malicious.

For starters, you want to check an app’s rating and reviews. Many of these SpyLoan apps have loads of one star reviews and ratings that warn others to avoid them at all costs. As app ratings and reviews can be faked, it’s always a good idea to look elsewhere too. Video reviews are great as they show the app in question in action but written ones can provide a lot of useful info too. If there aren’t any external reviews for a particular app, it’s better to avoid downloading it. You should also look into the developer and check out their other apps just to be safe.

When you do install new apps on your phone, make sure to pay close attention the first time you run it. Most apps ask for permissions to do what they’re intended to do but malicious apps will ask for access to even more of them and ones that don’t really make sense. For example, a flashlight app doesn’t need access to your contacts or to your phone’s dialer. If an app asks for permission to use Android’s accessibility services, this can be a major red flag as hackers often abuse this feature to make their malware more powerful.

Another important thing that will help keep your Android phone safe is to install the latest updates as soon as they become available. Hackers love to prey on users running outdated software and even those small monthly updates can contain security patches and other fixes.

SpyLoan apps likely won’t be going anywhere anytime soon given how profitable they can be for scammers. This is why you need to be extra careful when downloading new apps onto your Android phone or tablet and this is especially true if you share devices with young children.

More from Tom's Guide

Anthony Spadafora
Managing Editor Security and Home Office

Anthony Spadafora is the managing editor for security and home office furniture at Tom’s Guide where he covers everything from data breaches to password managers and the best way to cover your whole home or business with Wi-Fi. He also reviews standing desks, office chairs and other home office accessories with a penchant for building desk setups. Before joining the team, Anthony wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Read more
Green skull on smartphone screen.
Hackers are using the Amazon Appstore to spread malware — delete this malicious app now
A hacker typing quickly on a keyboard
Hackers are posing as Apple and Google to infect Macs with malware — don’t fall for these fake browser updates
A hacker typing on a computer
FBI issues serious warning to iPhone and Android users — stop doing this ASAP
Green skull on smartphone screen.
This Android banking trojan steals passwords to take over your accounts — and all it takes is a single text message
Green skull on smartphone screen.
Hackers are spreading info-stealing malware and taking over accounts using fake wedding invitations — how to stay safe
A smartphone screen displaying the Android name and logo next to a sign reading 'MALWARE'.
Fake Google Play Store pages are spreading Trojan malware that can steal your financial data
Latest in Online Security
A person on a laptop converting a PDF to a DOC
FBI issues warning over free online file converters that infect your PC with malware
A hacker typing quickly on a keyboard
New MassJacker malware is hijacking digital wallets to steal large sums from users
A woman using her laptop securely with a cup of coffee in hand
5 common mistakes people make when shopping for antivirus software
Windows
240 million Windows 10 users are vulnerable to six different hacker exploits — protect yourself now
Victims of Identity Theft
FTC says Americans lost $12 billion to scams last year and these were the worst ones — here's how to stay safe
Apple iPhone 16 Plus Review.
Apple just released an emergency security update for a flaw used in an ‘extremely sophisticated attack’ — update your devices right now
Latest in News
NYTimes Connections
NYT Connections today hints and answers — Tuesday, March 18 (#646)
A person on a laptop converting a PDF to a DOC
FBI issues warning over free online file converters that infect your PC with malware
The Find my People feature
Android Find My can now track your friends and family — here's how to use it
Foldable iPhone concept image
Are you sitting down? Here’s what the foldable iPhone could cost
Samsung HW-Q990D soundbar
Samsung’s flagship 2024 soundbar just got bricked by a new firmware update — don’t update
A hacker typing quickly on a keyboard
New MassJacker malware is hijacking digital wallets to steal large sums from users