HomeWinBuzzer NewsAndroid Threat Actors Are Using Loan Apps to Trick Users by Stealing...

Android Threat Actors Are Using Loan Apps to Trick Users by Stealing Information

Malicious quick loan apps are stealing user information on Android to blackmail them into taking high interest loans.


are using a new malware campaign on to steal personal data from victims and blackmail them. Specifically, the attackers are mimicking loan apps to trick unsuspecting users. Security firm Zimperium reports on the attack and calls it “MoneyMonger”.

Using malicious apps that look like legit money-lending services, threat actors have been able to trick potentially thousands of victims. Attackers behind the campaign are using the Flutter framework.

MoneyMonger “takes advantage of Flutter's framework to obfuscate malicious features and complicate the detection of malicious activity by static analysis,” Zimperium points out. “Due to the nature of Flutter, the malicious code and activity now hide behind a framework outside the static analysis capabilities of legacy mobile security products.”

It is worth noting the loan apps the group is using are not available on the Play Store. In other words, users who only download apps from Android's official marketplace are safe. However, millions of users get apps from other app stores or sideloading from social .

So much so that the trick apps have been downloaded more than 100,000 times. Once the malicious app is installed on an Android device, it will ask the user to give permissions. This is normal for apps, so the victim may not see any issue with agreeing to access. To add an extra incentive, the app says providing permissions will guarantee access to a loan.


Once the permissions are given, the app will collect data regarding contacts, text messages, locations, photos, files, audio recordings, and call logs. The attackers then use this data to blackmail users into paying extremely high-interest rates on their loans.

Oh yes, that's the interesting part; these really are loan apps and not just pretending to be. The kicker is they are using malicious tactics to blackmail “customers”. Not agreeing to the payment plan or missing a payment comes with a threat that personal information will be revealed, including photos.

Tip of the day: Did you know that you can assign keyboard shortcuts for starting applications quickly in and Windows 10? This is a great way to have your most used programs always at your fingertips. In our tutorials we show you how to set those hotkeys for your favorite apps.

Luke Jones
Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.

Recent News