Credit Wallet: Easy Loans \u2013 Apps on Google Play<\/a><\/p>\nMD5: fbc71d55961197df0e9e4aa7f388c073<\/p>\n
Package name: com.creditwallet.now<\/p>\n
Fig. 4 shows permissions declared by the application in the manifest file of Android APK. Some of these permissions are unnecessary like, android.permission.BLUETOOTH, android.permission.READ_CALL_LOG<\/em> etc.<\/p>\n![\"\"](\"https:\/\/blogs.quickheal.com\/wp-content\/uploads\/2023\/08\/Fig.4-300x248.png\")
<\/p>\n
Fig.4 Permissions declared by application<\/strong><\/p>\nAs per the new Google Play Policy, access to contacts, external storage and location is prohibited. However, the application tries different ways to get access to this sensitive information as explained below:<\/p>\n
1] Contact access:<\/strong><\/p>\nIllegal Loan applications ask for the victim\u2019s contact numbers, name and photographs of the contacts etc. This data is subsequently used to call or message relatives and friends of the victim in order to intimidate the user and extort money from them. Fig. 5 shows the code application used to get access to contact details. It is using runtime permission to get contact access: –<\/p>\n
![\"\"](\"https:\/\/blogs.quickheal.com\/wp-content\/uploads\/2023\/08\/Fig.5-300x90.png\")
<\/p>\n
Fig. 5 contact access<\/strong><\/p>\nIf it fails to get contact details by using the above method, it uses another option to get the contacts list as illustrated in Fig. 6 below: –<\/p>\n
![\"\"](\"https:\/\/blogs.quickheal.com\/wp-content\/uploads\/2023\/08\/Fig.6-300x92.png\")
<\/p>\n
Fig.6 Contact access by uriMatcher<\/strong><\/p>\n2] External Storage access:<\/strong><\/p>\nBy acquiring access to external storage any application will get access to the user’s personal photos, videos, audios, documents etc. This data is sensitive and often ignored by many users. External storage data is highly misused by loan-scam operators. They take personal photos of victims; or their relatives in order to morph them and blackmail the victims.<\/p>\n
Fig. 7 shows code used by this application to access external storage: –<\/p>\n
![\"\"](\"https:\/\/blogs.quickheal.com\/wp-content\/uploads\/2023\/08\/Fig.7-300x104.png\")
<\/p>\n
Fig. 7 Accessing external storage<\/strong><\/p>\n3] Location access:<\/strong><\/p>\nBy tracking locations threat actors can get information about the places visited, and conclusions can be made about user\u2019s habits and preferences. It uses GPS data with network data to determine the location. As per the new Google Play policy, it is prohibited for loan apps to declare ACCESS_FINE_LOCATION, which allows apps to get exact and accurate geolocation.<\/p>\n
Fig.8 shows code used by the application to get location information: –<\/p>\n
![\"\"](\"https:\/\/blogs.quickheal.com\/wp-content\/uploads\/2023\/08\/Fig.8-300x151.png\")
<\/p>\n
Fig. 8 Location access code<\/strong><\/p>\nThe sensitive PII (Personally Identifiable Information) collected by such apps is sent to a command-and-control server in the form of a json file.<\/p>\n
![\"\"](\"https:\/\/blogs.quickheal.com\/wp-content\/uploads\/2023\/08\/Fig.9-300x123.png\")
<\/p>\n
Fig. 9 code for information sharing<\/strong><\/p>\nQuickHeal Security Labs is able to identify all such mal-intended applications with various Android.Spyloan detections.<\/p>\n
IOCs:<\/strong><\/p>\n![\"\"](\"https:\/\/blogs.quickheal.com\/wp-content\/uploads\/2023\/08\/Fig.10-300x116.png\")
<\/p>\n
Tips to stay safe:<\/strong><\/p>\n\n- Try to avoid downloading applications from third party stores. Instead, install applications from official stores only.<\/li>\n
- While installing the application from Google Play Store, pay close attention to the details such as developer name, description, permissions being asked by the app, as well as its user reviews.<\/li>\n
- For loan applications, check the NBFC (Non-Banking Financial Company) name mentioned in description through a Google search of the name of the application, NBFC name etc.<\/li>\n
- Avoid using loan applications from unknown banks, NBFCs etc. and stick to known banking apps only.<\/li>\n<\/ul>\n
Conclusion<\/strong><\/p>\nThe recent Google Play policy stands as a crucial step in safeguarding users from potential risks posed by loan apps. By prohibiting certain permissions, the policy addresses significant privacy concerns. This move highlights the importance of continuous vigilance and stringent regulations to ensure the safety and security of users in the digital realm. The responsibility also lies on the part of the digital user and loan-seeker. Staying informed and advocating for responsible app practices remains paramount in this evolving technological landscape.<\/p><\/blockquote>\n
<\/p>\n","protected":false},"excerpt":{"rendered":"
In the age of instant finance at our fingertips, loan apps have reshaped how we access funds. But beneath the convenience lies a concerning trend \u2013 malicious apps that are being linked to tragic outcomes. In this blog, we will shed light on the alarming rise of these \u2018death-traps,\u2019 unravel the mechanics of these apps, […]<\/p>\n","protected":false},"author":61,"featured_media":92033,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[285,164,354,1675,1674,1747,304,293],"tags":[431,681,371,1362,674,1820,1999,1997,1010,1998],"class_list":["post-91977","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-applications","category-cyber-crime","category-mobile-security-2","category-online-frauds","category-scam-alert","category-scams","category-social-engineering-2","category-spam","tag-android","tag-cyber-fraud-attacks","tag-cyberbullying","tag-cybercrime","tag-google-apps","tag-googleplaystore","tag-instant-loan-apps","tag-loan","tag-scams","tag-spyloan"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/91977"}],"collection":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/users\/61"}],"replies":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/comments?post=91977"}],"version-history":[{"count":16,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/91977\/revisions"}],"predecessor-version":[{"id":92041,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/91977\/revisions\/92041"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/media\/92033"}],"wp:attachment":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/media?parent=91977"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/categories?post=91977"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/tags?post=91977"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
![\"\"](\"https:\/\/blogs.quickheal.com\/wp-content\/uploads\/2023\/08\/MicrosoftTeams-image-300x225.png\")
<\/p>\n![\"\"](\"https:\/\/blogs.quickheal.com\/wp-content\/uploads\/2023\/08\/Fig.2-300x261.png\")
<\/p>\n![\"\"](\"https:\/\/blogs.quickheal.com\/wp-content\/uploads\/2023\/08\/Fig.3-300x118.png\")
<\/p>\n