Money Lending apps that are in great demand in this Christmas season are found spying on their users to steal personal data to later threaten victims with certain blackmailing tactics. A study made by ZIMPERIUM zLabs has detected this malicious activity of stealing personal info from personal devices to blackmail individuals.
Dubbed as MoneyMonger, the said android malware has the potential to steal contact details from social media accounts, only to tarnish the image of the user, if in case, he/she fail to oblige their demands.
Usually, this malware is found in circulation through third party app stores and via social engineering attacks.
The theme of such malware spread is simple: just lure victims with some loan schemes that prove lucrative, as they are being advertised as cash back offers. And sometimes, if luck supports, the loan on the app might also be closed without payment under a distrustful scheme.
Problem erupts when the victim is asked certain permissions that later on prove to be too invasive. These permissions include GPS tracking, contacts and messaging app access, photos and video access, camera and call log access.
The info is later used to threaten the victim to pay acute interests on the taken loan amount. And as soon as the victim stops obliging the demands, details of him/her are leaked to the contacts stored in his/her phone.
It is unclear whether the app or the app owner should be held at fault, as the high interest rates might also fund the deceptive operations of the app on a further note.
So, smart phone users are being advised to keep a vigil on the apps that they are downloading onto their devices and see that they are not given a free hand while operating.
NOTE- In a separate study made by mobile security firm LookOut, about 300 mobile applications were discovered on Google Play and Apple Play Store, having a collective download count of over 17 million and exhibiting rapacious behavior.