A previously observed Android malware campaign has been using money-lending apps to blackmail victims into paying attackers for the personal information stolen from their devices. The attacker uses the cross-platform Flutter framework to develop apps with malicious features and complicate the detection of malicious activity.
None of the 33 apps used in the campaign has been distributed through the Google Play Store; they are available only on unofficial app stores or are sideloaded onto devices via smishing, compromised websites, rogue ads, or social media campaigns. Once the victim downloads the app, they are prompted to grant permissions under the pretext of guaranteeing a loan, which lets the app gather personal information.
Data collected includes GPS location, SMS messages, contacts, call logs, files, photos, and audio recordings. This information is used to pressure victims into paying exceptionally high interest rates on loans, in some cases even after the loan is repaid.
The threat actors use victims’ sensitive information to harass them into paying, with alarming threats such as revealing their personal information, calling their contacts, and sending abusive messages. Although the scale of these attacks is unclear, data shows these apps have over 100,000 downloads.
These attacks are exploiting victims’ desperation for quick cash and putting people at risk of having their data exploited.