Skip to main content

Android Malware Campaign Leverages Money-Lending Apps to Blackmail Victims.




A previously undocumented Android malware campaign has been observed leveraging money-lending apps to blackmail victims into paying up with personal information stolen from their devices.


Mobile security company Zimperium dubbed the activity MoneyMonger, pointing out the use of the cross-platform Flutter framework to develop the apps.


MoneyMonger "takes advantage of Flutter's framework to obfuscate malicious features and complicate the detection of malicious activity by static analysis," Zimperium researchers Fernando Sanchez, Alex Calleja , Matteo Favaro, and Gianluca Braga said in a report shared with The Hacker news.


"Due to the nature of Flutter, the malicious code and activity now hide behind a framework outside the static analysis capabilities of legacy mobile security products."


The campaign, believed to be active since May 2022, is part of a broader effort previously disclosed by Indian cybersecurity firm K7 Security Labs.


None of the 33 apps used in the deceptive scheme have been distributed through the Google Play Store. The money lending applications, instead, are available through unofficial app stores or sideloaded to the phones via smishing, compromised websites, rogue ads, or social media campaigns.


Once installed, the malware poses a risk as it's designed to prompt the users to grant it intrusive permissions under the pretext of guaranteeing a loan, and harvest a wide range of private information.


The collected data – which includes GPS locations, SMSes, contacts, call logs, files, photos, and audio recordings – is then used as a pressure tactic to force victims into paying excessively high-interest rates for the loans, sometimes even in cases after the loan is repaid.


To make matters worse, the threat actors subject the borrowers to harassment by threatening to reveal their information, call people from the contact list, and send abusive messages and morphed photos from the infected devices.


The scale of the campaign is unclear owing to the use of sideloading and third-party app stores, but the rogue apps are estimated to have racked up over 100,000 downloads through the distribution vector.


"The extremely novel MoneyMonger malware campaign highlights a growing trend by malicious actors to use blackmail and threats to scam victims out of money," Richard Melick, director of mobile threat intelligence at Zimperium, said in a statement.


"Quick loan programs are often full of predatory models, such as high-interest rates and payback schemes, but adding blackmail into the equation increases the level of maliciousness."




Google, in a comment shared with The Hacker News, reiterated that the identified malicious apps are not downloadable from the Play Store and that Google Play Protect helps notify users about potentially harmful apps.


"Google Play Protect checks Android devices with Google Play Services for potentially harmful apps from other sources," the company said. "Google Play Protect will warn users that attempt to install or launch apps that have been identified to be malicious."


The findings come two weeks after Lookout discovered nearly 300 mobile loan applications on Google Play and Apple's App Store that collectively have more than 15 million downloads and have been found engaging in predatory behavior.


These apps not only exfiltrate extraordinary volumes of user data but also come with hidden fees, high-interest rates, and payment terms that are used to strong-arm victims for payment on fraudulent loans.


"They exploit victims' desire for quick cash to ensnare borrowers into predatory loan contracts and require them to grant access to sensitive information such as contacts and SMS messages," Lookout noted late last month.


Developing countries are a prime target for dodgy loan apps, as digital lending has seen explosive growth in markets like India, where people are unwittingly turning to such platforms after being turned away by banks for failing to meet income requirements.


The exploitative nature of the personal loan terms has also led to multiple incidents of suicides in the country, prompting the Indian government to initiate work on an allowlist of legal digital lending apps that are permitted in app stores.


Google, in August, disclosed it had removed more than 2,000 credit disbursement apps from its Play Store in India since the start of the year for violating its terms.


The government has also sought urgent strict action by law enforcement agencies against loan apps, a majority of them Chinese-controlled, that have been found to use harassment, blackmail, and harsh recovery techniques.


Source; THN.

Comments

Popular posts from this blog

We Bring You Brief Series of Sanctions Against Uganda Government Officials.

📸: Gen Abel Kandiho. On 9-December-2021, USA slapped sanctions against the then CMI Commander Gen Abel Kandiho. 📸: Gen Kale Kayihura. On 9-December-2022, UK slapped sanctions against former Police Boss Gen Kale Kayihura. 📸: Commissioner General of Prisons, Johnson Byabashaija. Again on this 4-December-2023, the same USA has slapped sanctions against Uganda Prisons Commander Johnson Byabashaija over alleged torture and human rights abuses in Prisons across Uganda. We ask, has USA and UK made December as an LCM to slap sanctions against high ranking government officials in Uganda even when the sanctions just remain on paper without deeper investigations to ascertain logical conclusions or remedy to that effect ?. #iip_updates  #Information_is_Power  #we_inform_the_uninformed

How to Host a Website for Free From Your PC or Laptop.

Why pay for a web hosting service when your old computer can do the same thing? Learn how to self-host your site. If you're planning to launch a website but don't want to pay recurring monthly or annual hosting fees, you can use any old laptop or desktop PC to host a website for free. It's a great way to utilize your old system instead of throwing it away. In this guide, we will install and set up services on our 10-year-old laptop to host a WordPress, Joomla, or custom HTML or PHP-based website with a free SSL certificate. MAKEUSEOF VIDEO OF THE DAY Things You Will Need to Host a Website Following are the pre-requisites to host a website for free from home with just your computer: An old laptop or PC running Ubuntu Server. A registered domain name for your website Ethernet cable to connect the laptop or PC to router for reliable and fast connection Step 1: Update and Upgrade the Packages After  installing Ubuntu Server on your computer , execute the following c...

WHERE IS MINISTER OF SEX SIMON LOKODO?. (He deserves a battle of soda from me! Ministe`r esalanga mabee. He is quick to run after Mrs Dr Stella Nyanzi and other Opposition elements. Government aza aza edo zuu vaa kpere bua). Anyway, below is the article! POLICE OFFICER AKOL ESTHER CHARGED OF BEING A PUBLIC NUISANCE Naughty Officer Officer who embarrassed police after leaking nude photo charged 13.03.2018 She serves in the 'Very Important Persons Protection Unit'  Akol Esther  (Courtesy) A female police officer whose nude photo surfaced on social media has been charged of being a public nuisance. Akol Esther serves in the Very Important Persons Protection Unit (VIPPU) of the police force. Kampala Metropolitan Police spokesperson Luke Owoyesigire says Akol Esther might be demoted or expelled from the police force if found guilty of circulating nude photos. Police court is yet to announce date when Akol Esther is expected to appear for a hearing. This comes at a time when Pornography Control Committee is taking tough measures against persons circulating pornography content. The committee warned and promised to arrest persons who will circulate pornographic content.

POLICE OFFICER AKOL ESTHER CHARGED OF BEING A PUBLIC NUISANCE Naughty Officer Officer who embarrassed police after leaking nude photo charged 13.03.2018 She serves in the 'Very Important Persons Protection Unit' Akol Esther  (Courtesy) A female police officer whose nude photo surfaced on social media has been charged of being a public nuisance. Akol Esther serves in the Very Important Persons Protection Unit (VIPPU) of the police force. Kampala Metropolitan Police spokesperson Luke Owoyesigire says  Akol Esther might be demoted or expelled from the police force if found guilty of circulating nude photos . Police court is yet to announce date when Akol Esther is expected to appear for a hearing. This comes at a time when Pornography Control Committee is taking tough measures against persons circulating pornography content. The committee warned and promised to arrest persons who will circulate pornographic content.