ESET researchers revealed the wrong methods used by these loan apps to ignore Google Play Games Store restrictions. This malware with attractive interface promises to fund users immediately with terms of heavy interest. Targeting users from Africa, Latin America and Southeast Asia, mainly, these Spielon apps not only pass the KYC probe, but also show fake information on official looking websites, including stock photos in the form of photographs of employees.
Once users get a loan, these apps request many sensitive permissions from them, such as camera, contact, SMS, call log, photos, Wi-Fi details and calendar details. This data is then sent to the server of the apps.
Violation of Google’s financial service policy, these apps unrendowablely keep a very short time of repayment, forcing users to pay with a lot of interest rates. Users reported pressure to repay the amount like 450 peso (about Rs 2,160) with an additional interest of 549 peso (about Rs 2,640), which are a total of 999 pesos (about Rs 4,800).
ESET informed Google about 18 apps, out of which 17 were removed. However, an app remains on the store by taking the form of a new version. In listed apps, 4s Money, Aa Kredit, Amor Money, Cartera Grande, Cedwow, Credibus, Easycash, Easycredit, Finupp lending, Flashloan, Exit Crédito, Guayabacash, EXITRABASHTOR Préstamos de Crédito-Yumicash, Préstamoscrédito, Ráppido Crédito and Truenaira.
However, even after being removed from the play store, these apps can remain on the users’ devices till they are manually removed. Users who have these apps should immediately uninstall them.
