Beware of fraud apps leveraging Google Play Store for distribution
SonicWall Capture Labs threat research team has been regularly sharing information about the malware threats plaguing Android devices. SonicWall has tracked down another finance-themed malicious app. Until recently the app was distributed via the Google Play Store; it has since been removed from the Play Store after we reported it to the concerned team.
The app targets Indian Android phone users and is portrayed as an app that assists in obtaining a loan. Its high installation count (100,000 to 500,000 installs) indicates that many users may have fallen prey to this fraud app. A similar fraud app has been noticed in the Google Play Store, and the concerned team has already been notified of it.
At the time of writing, the fraudulent app is not detected by any AV vendor, as can be seen on the popular threat intelligence sharing portal VirusTotal.
The app promised easy loans to customers and appeared genuine by providing information about loan EMIs and interest rates in its description.
After installation, it showed a list of required permissions. Interestingly, the app prompted the user to grant each permission by describing why it was needed. The app then instructed the user to complete three steps to get a loan.
In the first step, called "Submit info", personal, work and bank-related information is collected from the user. There is no validation of the account details the user enters, which are requested as shown below:
In the second step, the user's credit limit is supposedly computed from the information provided in step one. The user is then asked to pay 399 INR as a security deposit before the loan request can be processed further. Various payment options, such as net banking, UPI and debit/credit card, are offered. A countdown timer is also started to pressure the user into making the payment quickly.
SonicWall Capture Labs provides protection against this threat with the following signatures:
- FraudApp.B (Trojan)
- FraudApp.C (Trojan)
Indicators of Compromise (IOCs):