Almost 300 apps, downloaded by around 15 million users, have been pulled from the Google Play and Apple App stores over claims they promised quick loans at reasonable rates but then used extortion and other predatory schemes against borrowers.
The loans came with hidden fees and high interest rates that drove up the payments and the apps asked for sensitive information on their mobile devices. This included SMS messages, photos, phone history and contact lists that was then used against victims, according to researchers with cybersecurity vendor Lookout.
In some instances, the data exfiltrated from the device was used to extort borrowers by threatening to disclose the data or information about the debt to their contacts, the researchers wrote in a report.
In total, more than 251 Android apps were found in the Google Play souk – and collectively, downloaded more than 15 million times – and 35 iOS apps in the Apple Store that were found to be among the top 100 financial apps in regional stores.
Lookout contacted Google and Apple about the apps and said Wednesday that none of them were still available for download.
“what’s been identified is a tiny drop in the bucket overall,” Chris Clements, vice president of solutions architecture for Cerberus Sentinel, told The Register, adding that “anything over zero shouldn’t be acceptable.”
Such predatory lending apps have been a problem