We came across this news and this tweet which spoke about how money lending apps (loan apps) on Google Play Store abuse and threaten the user, demanding exorbitant amounts of money. These money lending apps collect money with high interest rates and then threaten the user if there is any delay in repaying the dues and in some cases, even after clearing the dues the loan agent demands more money. If the user does not repay the demanded money, abusive messages/images of the user will be sent to all the contacts in the user’s device. There are many reports of users taking their own life as they were unable to withstand the harassment. And the more saddening part is that some of these apps are still available in Google Play Store. 

Some of the loan apps in Google Play Store are shown in Figure 1.

Figure 1: Loan apps in Google Play Store

Some user reviews in Google Play Store are shown in Figure 2.

Figure 2: User reviews in Google Play Store

Technical Analysis

In this blog, we will be analysing the com.lvcash.lvcashcomshoz app in Google Play Store.

This loan app is named “Cash Advance” in Google Play Store.

When the user installs this app as shown in Figure 3, the app requests for a list of permissions as shown in Figure 4. Why does a loan app request these permissions? Whenever any app is installed, users should be alert as to what permissions are sought by the app and decide which permissions are actually necessary for the app to function properly.

 

Figure 3: User installs Cash Advance in device

            

Figure 4: App permissions

This app accesses the camera on the user’s device as shown in Figure 5 and captures images and records videos of the user as shown in Figure 6, which can later be used to threaten them. 

Figure 5: App accessing the front camera

                       

Figure 6: App capturing image/video

The app collects the contact lists from the user’s device as shown in Figure 7. Later, the loan agent threatens the user by sending abusive messages/images to this collected contact list.

                                       

Figure 7: Collecting contact details from the user’s device

 The app also collects a list of installed packages from the user’s device as shown in Figure 8.

                                               

Figure 8: Collecting installed app list from user’s device

The app collects the location, SMS details and device information from the user’s device as shown in Figure 9 and Figure 10.

 

Figure 9: Collecting location information from user’s device
Figure 10: Collecting SMS information from user’s device

               

Considering the aforementioned modules of the app, viz contact list collection, camera control, etc; we can understand that this app is designed with deception and strong-arm tactics in mind. Once the user makes a financial commitment through this app, they are trapped and their own user data is used against them. During the installation, the app does mention in its privacy policy that it collects all SMS details, contact list, access camera, storage, installed applications, IP of the device and also says that it will upload this information to their site https[:]//app[.lvcash[.xyz. 

Mitigations

  • Carefully read the user review’s before downloading any app
  • Be aware of what information the app collects from the user’s device
  • Protect your device and data with a reputed security product like K7 Mobile Security and keep it up to date to protect yourself of the threats lurking around

We at K7 Labs detect such kinds of threats and are constantly working to protect our users.

Indicators of Compromise (IoCs)

 

Package name Hash Detection Name
com.lvcash.lvcashcomshoz  0A86646E55AB4501C483C06C24D7E01B Spyware ( 005923441 )
com.moneyy.magicmoneyok 7881D65DEA553FBA86D83F846C83023C Trojan ( 0001140e1 )
      com.hc.go c9606e68f6bc314e268b8645e57c9716 Spyware ( 005926b41 )
com.prestamos.credito.trueno 620589e7d4fdd5f42acf9eef7b3c26b0 Trojan ( 005926b31 )
com.pezcredito.prestamo.dinero.efectivo    2edd76acfde09ff8af36d47077b04f4f    Trojan ( 0001140e1 )

 

Like what you're reading? Subscribe to our top stories.

If you want to subscribe to our monthly newsletter, please submit the form below.

    0 replies on “Steer Clear of Instant Loan Apps”