Security News > 2022 > December > Android Malware Campaign Leverages Money-Lending Apps to Blackmail Victims
A previously undocumented Android malware campaign has been observed leveraging money-lending apps to blackmail victims into paying up with personal information stolen from their devices.
The money lending applications, instead, are available through unofficial app stores or sideloaded to the phones via smishing, compromised websites, rogue ads, or social media campaigns.
The scale of the campaign is unclear owing to the use of sideloading and third-party app stores, but the rogue apps are estimated to have racked up over 100,000 downloads through the distribution vector.
"The extremely novel MoneyMonger malware campaign highlights a growing trend by malicious actors to use blackmail and threats to scam victims out of money," Richard Melick, director of mobile threat intelligence at Zimperium, said in a statement.
These apps not only exfiltrate extraordinary volumes of user data but also come with hidden fees, high-interest rates, and payment terms that are used to strong-arm victims for payment on fraudulent loans.
The exploitative nature of the personal loan terms has also led to multiple incidents of suicides in the country, prompting the Indian government to initiate work on an allowlist of legal digital lending apps that are permitted in app stores.
News URL
https://thehackernews.com/2022/12/android-malware-campaign-leverages.html
Related news
- New FireScam Android malware poses as RuStore app to steal data (source)
- New FireScam Android data-theft malware poses as Telegram Premium app (source)
- FireScam Android Malware Poses as Telegram Premium to Steal Data and Control Devices (source)
- DoNot Team Linked to New Tanzeem Android Malware Targeting Intelligence Collection (source)
- Crypto-stealing iOS, Android malware found on App Store, Google Play (source)
- SpyLend Android malware downloaded 100,000 times from Google Play (source)