Hundreds of scam predatory loan platforms found on Google and Apple app stores
James Yarema
Jonathan Greig December 1, 2022

Hundreds of scam predatory loan platforms found on Google and Apple app stores

Jonathan Greig

December 1, 2022

Hundreds of scam predatory loan platforms found on Google and Apple app stores

Hundreds of predatory loan apps targeting people across Africa, Asia and Latin America have been available on Google Play and Apple App Store, garnering over 15 million collective downloads.

Discovered by researchers at the cybersecurity firm Lookout, the apps include 35 that were in the top 100 among finance platforms in their regional app stores. They have since been reported to Google and Apple and removed. 

“Based on our analysis, there are likely dozens of independent operators involved, as we only found shared code bases between small batches of apps. With that said, all the apps have a very similar business model, which is to trick victims into unfair loan terms and threaten them to pay,” the researchers said. 

“All the predatory loan apps were found in developing countries. Specifically, we identified apps targeting users in Colombia, India, Indonesia, Kenya, Mexico, Nigeria, the Philippines, Thailand, and Uganda. While we don’t have evidence of where the scam operators reside, it’s clear that these regions were identified to be lucrative.”

Lookout senior security intelligence researcher Ruohan Xiong said one of the main fears with predatory loan apps is the personal information they steal from unsuspecting users. 

According to Xiong, app permissions could easily be abused if users are not careful. The platforms were another example of why people need to think before they entrust apps with sensitive personal information. 

All of the apps offer easy and fully-digital loan applications that can be easily approved with loan terms Lookout said appear “reasonable.” But the apps lock people into predatory loan contracts while also mandating that users grant access to sensitive information such as call logs, SMS messages, installed apps, photos and contact lists.

Some of the apps ask for names, addresses, employment history, education, and banking information as well as ID verification with a video selfie. The data exfiltration begins almost immediately after the permissions are given, according to Lookout’s analysis of network traffic.

In both Google and Apple app stores, the comment sections were overrun with users saying they were hit with hidden fees, high interest rates, and predatory repayment terms after they signed up for the loans. 

Examples of emails users received.

“We also found evidence that the data exfiltrated from devices are sometimes used to pressure for repayment, either by harassing the customers themselves or their contacts,” the researchers said.

Many of the comments note that the harassment campaigns begin almost immediately, even before the deadline for repayment is reached. The person’s exfiltrated contacts are used to threaten the person in a variety of ways. Some apps threaten to tell their contacts about their debt.  

“Based on the low review scores of most of the apps, the loan operators don’t seem to be afraid of getting caught and find the reputation of the individual apps to be disposable,” they wrote. “This may partially be the result of looser financial regulations or lack of enforcement.”

The researchers noted that Google has begun to crack down on the scams, with the tech giant pulling 2,000 loan apps from the Play store in India. 

The app’s operators are taking advantage of a larger issue in developing countries, where people struggle to gain access to traditional financial services and instead turn to more risky options in their place. 

Lookout noted that there were more loan scam apps on Android because of its popularity across developing countries. 

Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.