SpyLoan: A Global Threat Exploiting Social Engineering

    Wednesday, November 27, 2024 In: Threat Research Print

    Date: 11/27/2024

    Severity: Medium

    Summary

    "SpyLoan: A Global Threat Exploiting Social Engineering" highlights the surge in predatory loan apps, known as SpyLoan, targeting Android users worldwide. These potentially unwanted programs (PUPs) use social engineering tactics to deceive users into providing sensitive information and granting excessive app permissions, leading to financial loss, harassment, and extortion. Over 15 SpyLoan apps with more than 8 million installations have been identified, operating primarily in South America, Southern Asia, and Africa. They use similar frameworks to exfiltrate data and are often promoted through deceptive ads. McAfee has reported these apps to Google, resulting in some being suspended, while others were updated. Despite updates, these apps still pose privacy risks due to unethical practices. SpyLoan activity has surged by over 75% in recent months, making it a growing threat in the mobile landscape.

    Indicators of Compromise (IOC) List

    Hash

    9d51a5c0f9abea8e9777e9d8615bcab2f9794b60bf233e3087615638ceaa140e

f71dc766744573efb37f04851229eb47fc89aa7ae9124c77b94f1aa1ccc53b6c

45697ddfa2b9f7ccfbd40e971636f9ef6eeb5d964e6802476e8b3561596aa6c2

79fd1dccfa16c5f3a41fbdb0a08bb0180a2e9e5a2ae95ef588b3c39ee063ce48

22f4650621fea7a4deab4742626139d2e6840a9956285691b2942b69fef0ab22

43977fce320b39a02dc4e323243ea1b3bc532627b5bc8e15906aaff5e94815ee

ef91f497e841861f1b52847370e2b77780f1ee78b9dab88c6d78359e13fb19dc

b67e970d9df925439a6687d5cd6c80b9e5bdaa5204de14a831021e679f6fbdf1

e303fdfc7fd02572e387b8b992be2fed57194c7af5c977dfb53167a1b6e2f01b

453e23e68a9467f861d03cbace1f3d19909340dac8fabf4f70bc377f0155834e

b5209ae7fe60abd6d86477d1f661bfba306d9b9cbd26cfef8c50b81bc8c27451

852a1ae6193899f495d047904f4bdb56cc48836db4d57056b02352ae0a63be12

dfbf0bf821fa586d4e58035ed8768d2b0f1226a3b544e5f9190746b6108de625

e59fd9d96b3a446a2755e1dfc5a82ef07a3965866a7a1cb2cc1a2ffb288d110c

27743ab447cb3731d816afb7a4cecc73023efc4cd4a65b6faf3aadfd59f1768e

    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    Detection Query 1

    sha256hash IN ("9d51a5c0f9abea8e9777e9d8615bcab2f9794b60bf233e3087615638ceaa140e","f71dc766744573efb37f04851229eb47fc89aa7ae9124c77b94f1aa1ccc53b6c","45697ddfa2b9f7ccfbd40e971636f9ef6eeb5d964e6802476e8b3561596aa6c2","79fd1dccfa16c5f3a41fbdb0a08bb0180a2e9e5a2ae95ef588b3c39ee063ce48","22f4650621fea7a4deab4742626139d2e6840a9956285691b2942b69fef0ab22","43977fce320b39a02dc4e323243ea1b3bc532627b5bc8e15906aaff5e94815ee","ef91f497e841861f1b52847370e2b77780f1ee78b9dab88c6d78359e13fb19dc","b67e970d9df925439a6687d5cd6c80b9e5bdaa5204de14a831021e679f6fbdf1","e303fdfc7fd02572e387b8b992be2fed57194c7af5c977dfb53167a1b6e2f01b","453e23e68a9467f861d03cbace1f3d19909340dac8fabf4f70bc377f0155834e","b5209ae7fe60abd6d86477d1f661bfba306d9b9cbd26cfef8c50b81bc8c27451","852a1ae6193899f495d047904f4bdb56cc48836db4d57056b02352ae0a63be12","dfbf0bf821fa586d4e58035ed8768d2b0f1226a3b544e5f9190746b6108de625","e59fd9d96b3a446a2755e1dfc5a82ef07a3965866a7a1cb2cc1a2ffb288d110c","27743ab447cb3731d816afb7a4cecc73023efc4cd4a65b6faf3aadfd59f1768e")

    Reference: 

    https://www.mcafee.com/blogs/other-blogs/mcafee-labs/spyloan-a-global-threat-exploiting-social-engineering/  


    Tags

    SpyLoanFinancial ServicesSocial EngineeringAndroid MalwarePUPsSouth AmericaSouthern AsiaAfrica

    « Previous ArticleNext Article »

    Comments

    No records to display

    Looking for Something?
    Threat Research Categories:
    Tags

    Privacy & Security StatementTerms & Conditions
    Copyright © 2024 by Gurucul - All rights reserved.