Predatory lending apps found in Google and Apple stores • The Register

Nearly 300 apps, downloaded by around 15 million users, have been pulled from the Google Play and Apple App stores over claims they promised quick loans at reasonable rates but then used extortion and other predatory schemes against borrowers.

The loans came with hidden fees and high interest rates that drove up payments, and the apps asked for access to sensitive information on borrowers' mobile devices. This included SMS messages, photos, phone history and contact lists that were then used against victims, according to researchers from cybersecurity provider Lookout.

In some cases, data extracted from the device was used to extort money from borrowers by threatening to disclose the data or debt information to their contacts, the researchers wrote in a report.

In total, more than 251 Android apps were found on the Google Play souk, collectively downloaded more than 15 million times, along with 35 iOS apps on the Apple Store that were among the top 100 financial apps on the regional stores.

Lookout contacted Google and Apple about the apps and said on Wednesday that none of them were still available for download.

“What has been identified is a small drop in the ocean overall,” Chris Clements, vice president of solutions architecture for Cerberus Sentinel, told The Register, adding that “anything above zero should not be acceptable.”

There were nearly 4 million apps on the Apple Store and more than 2.6 million on Google Play, according to Statista.

These predatory lending apps have been a problem before. As we reported earlier this month, India’s Home Ministry instructed state governments to crack down on illegal loan applications, which it said had led to multiple suicides by borrowers who had been harassed and blackmailed into making repayments.

Google reportedly removed 2,000 loan apps from its Play Store in India in the first half of the year.

The Lookout researchers wrote in their report that there were likely dozens of independent operators behind the apps, and only a few of them shared code bases. However, all of the apps followed a similar pattern: tricking victims with unfair loan terms and then threatening borrowers to force repayment.

They couldn’t tell where the scammers were from, but the apps were targeting users in developing regions, including Africa, Southeast Asia, India, Colombia, and Mexico. Such countries tend to have laxer financial regulations and a lack of compliance, as well as people with lower incomes and easy access to mobile apps.

“The focus on developing countries may also explain why we found more loan scam apps on Android than iOS,” the researchers wrote. “Outside the US, Android is much more popular, with more than 70 percent of the market, in part due to the availability of extremely low-cost Android devices.”

After users downloaded the app, they were asked to provide typical loan information such as name, address, and employment history. However, they were also told to grant permissions for access to data on the device. Many of the apps began extracting contact information as soon as permissions were granted.

Unlike in similar scams, victims would receive part of the loan they applied for, but it would come with fees as high as a third of the amount borrowed. After that, extremely high interest rates were applied and borrowers were told to repay the loan in a few days, much of which was contrary to the loan details the loan application promised.

“This approach has the advantage of a veil of legitimacy where perpetrators can hide behind complex and unethical contractual terms,” Clements said. “This potentially offsets the onus, both for convincing victims that the scam is perfectly legal, and for authorities who would react very differently to more traditional forms of online fraud.”

While a loan application scam can consume time and resources, “the payoff is more significant if victims are extorted,” James McQuiggan, security awareness advocate at KnowBe4, told The Register.

“Just like in the business world, cybercriminals will invest in something if it brings them a high return. With high interest rates and extorting victims, they certainly wanted their money back with the first dozen victims, and then the money started coming to them after that.” ®