Fraud Apps that intimidate victims being distributed via Google Play Store


The SonicWall Capture Labs Threats Research team has been regularly sharing information about malware threats targeting Android devices. SonicWall has tracked down a huge number of financial fraud applications.

 

Since the start of the year, it has become a trend for malware authors to make easy money this way, and the Google Play Store has removed hundreds of similar applications. More than 30 fraud apps have been noticed in the Google Play Store; the concerned team has already been notified:

 

These apps target Indian Android phone consumers and are portrayed as apps that would assist in obtaining a loan. The high installation count (a few of these apps have 1 Million+) indicates many users might have fallen prey to these fraud apps. Some of the app icons are shown below:

 

After installation, they ask for images of documents like the AADHAR (Unique Identification Authority of India) card and PAN (Permanent Account Number) card, and for bank account details. There is no validation of the information: as shown in the image, random numbers were entered as the AADHAR number and account number, and the app proceeded successfully:
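
As an added illustration (not code from the SonicWall report or from the apps), the sketch below shows the kind of offline plausibility check these apps skip: an Aadhaar number is 12 digits, does not start with 0 or 1, and ends in a Verhoeff check digit, and a PAN follows a five-letter, four-digit, one-letter pattern. The function names and sample inputs are constructed for this example.

```python
import re

# Verhoeff tables, built from their definitions rather than typed in.
# D: multiplication in the dihedral group D5 (0-4 rotations, 5-9 reflections).
def _mul(a, b):
    if a < 5:
        return (a + b) % 5 if b < 5 else 5 + (a + b - 5) % 5
    return 5 + (a - 5 - b) % 5 if b < 5 else (a - b) % 5

D = [[_mul(a, b) for b in range(10)] for a in range(10)]

# P: position-dependent permutations, the powers of Verhoeff's base permutation.
_BASE = [1, 5, 7, 6, 2, 8, 3, 0, 9, 4]
P = [list(range(10))]
for _ in range(7):
    P.append([P[-1][_BASE[j]] for j in range(10)])

def verhoeff_valid(digits: str) -> bool:
    """True if the digit string, check digit last, passes the Verhoeff checksum."""
    c = 0
    for i, ch in enumerate(reversed(digits)):
        c = D[c][P[i % 8][int(ch)]]
    return c == 0

PAN_RE = re.compile(r"[A-Z]{5}[0-9]{4}[A-Z]")

def aadhaar_plausible(value: str) -> bool:
    """Format and checksum test only; it does not prove the number was issued."""
    s = value.replace(" ", "")
    return (len(s) == 12 and s.isascii() and s.isdigit()
            and s[0] not in "01" and verhoeff_valid(s))

def pan_plausible(value: str) -> bool:
    """Pattern test only: five letters, four digits, one letter."""
    return PAN_RE.fullmatch(value.strip().upper()) is not None

if __name__ == "__main__":
    # Constructed inputs, like the random numbers typed in during analysis.
    for sample in ["1234 5678 9012", "0000 0000 0000", "12345"]:
        print(sample, "->", aadhaar_plausible(sample))
    for sample in ["ABCDE1234F", "1234567890"]:
        print(sample, "->", pan_plausible(sample))
```

Passing these checks only shows that a value is well-formed, not that it belongs to the applicant.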

 

We also tried it on a device without a SIM card; there, too, it generates an OTP. Following is the code snippet for fake OTP generation:

 

The fake OTP that appears on the device looks as shown in the following image:

 

They ask for some money as a security deposit in Indian rupees via different payment modes, and the user will not get any loan:

 

Fake 5-star ratings, good comments, and high download counts are among the reasons users are falling prey to these apps:

 

During our investigation we were monitoring some of these applications; in a couple of cases we received threatening messages on the registered mobile numbers:

 

As part of this campaign a victim is compromised in multiple ways:

  • Money for fake loan security
  • Compromised data
  • Advertisement
  • Threat for more money

SonicWall Capture Labs provides protection against this threat via the SonicWall Capture ATP w/RTDMI.

Package names of the reported apps are as follows:
