A new set of 15 SpyLoan apps with over 8 million installs was discovered on Google Play, targeting primarily users from South America, Southeast Asia, and Africa.
The apps were discovered by McAfee, a member of the 'App Defense Alliance,' and have now been removed from Android's official app store.
However, their presence on Google Play is indicative of the threat actors' persistence, as even recent law enforcement actions against SpyLoan operators have not curbed the issue, says McAfee.
The last major "SpyLoan cleanup" on Google Play was in December 2023, when over a dozen apps that had amassed 12 million downloads were removed.
SpyLoan apps are tools promoted as financial tools that offer users loans through a fast-track approval process under deceptive and often false terms.
Once the victims install those apps, they are validated via a one-time password (OTP) to ensure they're based in the target region. Then they are requested to submit sensitive identification documents, employee information, and banking account data.