A previously undocumented Android malware campaign has been observed using a money lending app to blackmail victims into paying with personal information stolen from their devices.
Mobile security company Zimperium dubbed the activity MoneyMonger, pointing to its use of the cross-platform Flutter framework to develop the apps.
Zimperium researchers Fernando Sanchez, Alex Calleja, Matteo Favaro, and Gianluca Braga wrote in a report shared with The Hacker News that MoneyMonger “utilizes Flutter’s framework to obfuscate malicious functions, and it complicates detecting malicious activity through analytics.”
“The nature of Flutter hides malicious code and activity behind a framework outside the static analysis capabilities of traditional mobile security products.”
The campaign, which is believed to have been active since May 2022, is part of a broader effort previously disclosed by Indian cybersecurity firm K7 Security Labs.
None of the 33 apps used in the malicious scheme were distributed through the Google Play store. Instead, money lending applications are available from unofficial app stores or sideloaded onto mobile phones via smishing, compromised websites, deceptive advertising, or social media campaigns.
Once installed, the malware is designed to prompt users to grant intrusive permissions under the pretext of guaranteeing loans and to collect a wide range of personal information.
Collected data (GPS locations, SMS, contacts, call history, files, photos, voice recordings, etc.) is used as a pressure tactic to coerce victims into paying excessively high interest rates on loans. The loan will be repaid.
Worse, threat actors can harass borrowers by exposing their information, threatening to call people from their contact list, or sending abusive messages or distorted photos from infected devices.
The scale of the campaign is unknown due to the use of sideloading and third-party app stores, but it is estimated that the malicious apps were downloaded over 100,000 times through these distribution channels.
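The pattern described above (apps installed outside Google Play that request access to most of the listed data categories) can be checked against a device or fleet app inventory. The following is an added example, not code from Zimperium's report; the inventory format, the package names, the permission-to-category mapping, and the `min_categories` threshold are assumptions.

```python
PLAY_INSTALLER = "com.android.vending"  # Google Play's installer package name
P = "android.permission."

# Data categories named in the article, mapped to the Android permissions
# that gate them (the mapping is this example's assumption, not the report's).
CATEGORY_PERMISSIONS = {
    "GPS location": {P + "ACCESS_FINE_LOCATION", P + "ACCESS_COARSE_LOCATION"},
    "SMS": {P + "READ_SMS", P + "RECEIVE_SMS"},
    "contacts": {P + "READ_CONTACTS"},
    "call history": {P + "READ_CALL_LOG"},
    "files and photos": {P + "READ_EXTERNAL_STORAGE", P + "READ_MEDIA_IMAGES",
                         P + "CAMERA"},
    "voice recordings": {P + "RECORD_AUDIO"},
}

def exposed_categories(permissions):
    """Return the article's data categories that an app's permissions can reach."""
    requested = set(permissions)
    return sorted(c for c, perms in CATEGORY_PERMISSIONS.items() if perms & requested)

def triage(inventory, min_categories=4):
    """Flag apps not installed by Google Play that reach many data categories.
    min_categories is a hypothetical threshold to tune per fleet."""
    findings = []
    for app in inventory:
        categories = exposed_categories(app.get("permissions", []))
        sideloaded = app.get("installer") != PLAY_INSTALLER
        if sideloaded and len(categories) >= min_categories:
            findings.append({"package": app["package"],
                             "installer": app.get("installer"),
                             "categories": categories})
    return findings

# Constructed inventory (hypothetical packages), e.g. exported from an MDM.
SAMPLE_INVENTORY = [
    {"package": "com.example.quickloan", "installer": None,
     "permissions": [P + n for n in ("ACCESS_FINE_LOCATION", "READ_SMS",
                     "READ_CONTACTS", "READ_CALL_LOG", "CAMERA",
                     "RECORD_AUDIO", "INTERNET")]},
    {"package": "com.example.chat", "installer": PLAY_INSTALLER,
     "permissions": [P + n for n in ("READ_CONTACTS", "READ_SMS", "CAMERA")]},
    {"package": "com.example.torch", "installer": "com.example.altstore",
     "permissions": [P + "CAMERA"]},
]

if __name__ == "__main__":
    for f in triage(SAMPLE_INVENTORY):
        print(f["package"], f["installer"], ", ".join(f["categories"]))
```

Installation from Google Play is used here only as a filter for the sideloaded case; it is not a verdict that Play-installed apps are benign.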
Zimperium Director of Mobile Threat Intelligence Richard Melick said in a statement:
“Quick loan programs are full of predatory models such as high interest rates and repayment schemes, but adding blackmail to the equation increases the level of malice.”
The findings come two weeks after Lookout discovered nearly 300 mobile loan applications on Google Play and Apple’s App Store.
These apps not only steal huge amounts of user data, but also come with hidden fees, high interest rates, and payment terms that strong-arm victims into paying off fraudulent loans.
Late last month, Lookout said the apps “exploited victims’ desire for quick cash to trick borrowers into predatory loan agreements and demand that they be granted access to sensitive information such as contacts and SMS messages.”
Developing countries are prime targets for risky loan apps. Digital lending has exploded in markets like India, and people who have been turned down by banks for failing to meet income requirements are unknowingly turning to such platforms.
The exploitative nature of personal loan terms has also led to multiple suicide incidents in the country, prompting the Indian government to begin work on a permitted list of legal digital lending apps allowed in app stores.
Google revealed in August that it had removed more than 2,000 credit payment apps from the Indian Play Store since the beginning of the year for violating its terms.
The government is also calling for urgent and stringent action by law enforcement agencies against lending apps found to harass, intimidate, and use harsh collection techniques.