Researchers discover 300 predatory loan apps on Google Play Store and Apple App Store

December 2, 2022

Lookout researchers discovered approximately 300 mobile loan applications on Google Play and the Apple App Store that exhibit predatory behavior such as exfiltrating excessive user data from mobile devices and harassing borrowers for repayment after previously promising quick loans at reasonable rates.

These mobile loan apps were mostly found in Southeast Asian and African countries, including India, Colombia, Indonesia, Kenya, Mexico, Nigeria, the Philippines, Thailand, and Uganda.

More than 251 Android apps were discovered in the Google Play marketplace and downloaded more than 15 million times, while 35 iOS apps in the Apple Store were discovered to be among the top 100 financial apps in regional stores.

They provide quick, fully digital loan approvals with fair loan terms. In reality, they take advantage of victims’ desire for quick cash to entice them into predatory loan contracts and force them to hand over sensitive information such as contacts and SMS messages.

In some cases, the data exfiltrated from the device was used to extort borrowers by threatening to reveal the data or debt information to their contacts.

“In addition to predatory requests for excessive permissions, many of the loan operators engage in scam-like behavior,” according to the report. According to the report, a number of users have reported that their loans have hidden fees, high interest rates, and repayment terms that are far less favorable than what is advertised on app stores.

The sources for this post include an article in TheRegister.

Top Stories

Related Articles

June 9, 2026 Hackers exploited Meta’s AI-powered support chatbot to gain control of Instagram accounts, including several high-profile profiles. Meta more...

June 5, 2026 Security researchers have disclosed a new denial-of-service attack called HTTP/2 Bomb that can overwhelm major web servers more...

May 20, 2026 The Cybersecurity and Infrastructure Security Agency, the arm of the U.S. government tasked with protecting critical infrastructure more...

May 11, 2026 Instructure has restored access to its Canvas learning platform after a cyberattack disrupted service for universities and more...

Jim Love

Jim is an author and podcast host with over 40 years in technology.

Share:
Facebook
Twitter
LinkedIn