--- title: "8 million Android users fell prey to SpyLoan malware on Google Play Store | Phish Protection" description: "  Android users, do you think apps that you download from the Google Play Store are completely secure and harmless?" image: "https://phishprotection.com/og/blog/8-million-android-users-fell-prey-to-spyloan-malware-on-google-play-store.png" canonical: "https://phishprotection.com/blog/8-million-android-users-fell-prey-to-spyloan-malware-on-google-play-store/" --- Quick Answer Well, around 8 million Android users have been duped by 15 loan apps on the Google Play Store . These malicious apps bait naive Android users across Thailand, Chile, Vietnam, Columbia, Mexico, Peru, and Tanzania under the pretext of easy, quick, and effortless loans. Share [ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fphishprotection.com%2Fblog%2F8-million-android-users-fell-prey-to-spyloan-malware-on-google-play-store%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=8%20million%20Android%20users%20fell%20prey%20to%20SpyLoan%20malware%20on%20Google%20Play%20Store&url=https%3A%2F%2Fphishprotection.com%2Fblog%2F8-million-android-users-fell-prey-to-spyloan-malware-on-google-play-store%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fphishprotection.com%2Fblog%2F8-million-android-users-fell-prey-to-spyloan-malware-on-google-play-store%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fphishprotection.com%2Fblog%2F8-million-android-users-fell-prey-to-spyloan-malware-on-google-play-store%2F&title=8%20million%20Android%20users%20fell%20prey%20to%20SpyLoan%20malware%20on%20Google%20Play%20Store "Share on Reddit") [ ](mailto:?subject=8%20million%20Android%20users%20fell%20prey%20to%20SpyLoan%20malware%20on%20Google%20Play%20Store&body=Check out this article: https%3A%2F%2Fphishprotection.com%2Fblog%2F8-million-android-users-fell-prey-to-spyloan-malware-on-google-play-store%2F "Share via Email") ![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2024/12/phishing-attack-prevention-7784.jpg) Android users, do you think apps that you download from the Google Play Store are completely secure and harmless? Well, around[8 million Android users](https://www.mcafee.com/blogs/other-blogs/mcafee-labs/spyloan-a-global-threat-exploiting-social-engineering/)have been duped by 15 loan apps on the**Google Play Store**. These malicious apps bait naive Android users across Thailand, Chile, Vietnam, Columbia, Mexico, Peru, and Tanzania under the pretext of easy, quick, and effortless loans. The worst part is that out of these 15 apps, 5 are still live on Google Play Store as they have agreed to comply with Google Play policies . The majority of these 15 apps have been advertised widely on different[social media platforms](https://blog.hubspot.com/marketing/fastest-growing-social-media-platforms)such as Facebook. These potentially**unwanted programs leverage**different types of[social engineering](https://www.upguard.com/blog/social-engineering)tactics to coax them into sharing sensitive and[personal details](/resources/phishing-identity-theft). Once threat actors get access to such data, users can face serious risks such as financial loss, extortion, harassment, blackmailing, and so on. ![Phishing attack prevention](https://media.mailhop.org/phishprotection/images/2024/12/phishing-attack-prevention-7784.jpg) ### **What is SpyLoan?** SpyLoan is a**malware**that came into the scene back in 2020\. Gradually, SpyLoan got all the attention because of a set of[18 different loan lending apps.](https://www.bleepingcomputer.com/news/security/spyloan-android-malware-on-google-play-downloaded-12-million-times/)These apps are used to offer loans at high interest and seek personal information from the app users. The idea was to secure sensitive details and financial information from the users and then use the same data to force them into paying extremely high[interest rates](https://en.wikipedia.org/wiki/Interest%5Frate)or blackmailing them by using personal information. Such apps never offer genuine**financial assistance**. Rather, these[malicious apps](/resources/what-is-phishing)are designed in a way that pushes naive users into a vicious cycle of debts . Also, privacy invasion is a major concern. ### **How do these apps operate?** > “over 90% of ransomware attacks begin with a phishing email ([Verizon 2024 Data Breach Investigations Report](https://www.verizon.com/business/resources/reports/dbir/)) email. Blocking the phishing email is the most effective ransomware prevention strategy available - it stops the attack at the earliest possible stage, before any malware reaches your network. Every ransomware incident we’ve investigated started with an email that should have been caught.” - **Vasile Diaconu**, Operations Lead, DuoCircle Each[PUP](https://www.kaspersky.com/resource-center/definitions/what-is-pup-pua)application has its unique targets. However, cyber experts have identified a commonality among all the**apps- a framework**that encrypts and[exfiltrated data](https://www.nextdlp.com/resources/blog/what-is-data-exfiltration-and-how-to-prevent-it)from the user device onto a[C2 (command and control) server](https://www.varonis.com/blog/what-is-c2). Next, the apps require multiple permissions, which further allows the threat actors easy access to your contact lists, SMS messages, call logs, etc. They claim that these details are necessary for user identification as well as for implementing[anti-fraud measures](https://tenintel.com/how-to-anti-fraud-measures/). Users are validated and tracked through a[one-time password or OTP](https://www.okta.com/blog/2020/06/what-is-a-one-time-password-otp/). Further, users are also required to provide other significant details such as employee information , supplementary identification documents , bank account details, and so on. Scammers eventually exfiltrate all the data to the**C2 server**. [Cybercriminals](/phishing/white-house-the-most-secure-place-in-the-world-targeted-by-cyber-criminals-through-spear-phishing-attacks)exploit psychological factors like urgency, financial desperation, and the appeal of convenience to deceive users. The promise of a quick, hassle-free loan without the usual paperwork or formalities of traditional financial institutions often seems irresistible to many. Unfortunately, this is precisely why countless unsuspecting individuals fall victim to phishing scams. Strengthening[phishing protection](/)measures is essential to safeguard users from such fraudulent schemes. ![Phishing info](https://media.mailhop.org/phishprotection/images/2024/12/phishing-info.jpg) Also, the \*\* presence of PUP\*\* in the Google Play Store is actually quite shocking. Apps listed in the Google Play Store are widely trusted and downloaded. No one could have imagined that cybercriminals have actually pulled off this stunt of fetching personal data from under the nose of the Google Play Store! ## Topics [ Phishing Awareness ](/tags/phishing-awareness/) ![Brad Slavin](https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg) [ Brad Slavin ](/authors/brad-slavin/) General Manager Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base. [LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) ## Protect your inbox from phishing attacks Real-time email security with 60-day free trial. No credit card required. [Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection) [View Pricing](/pricing/) ## Related Articles [ Foundational 5m 0ktapus, Okta Breach Helps Attackers Launch Sophisticated Supply Chain Attacks Sep 5, 2022 ](/blog/0ktapus-okta-breach-helps-attackers-launch-sophisticated-supply-chain-attacks/)[ Foundational 14m 12 Real-World Spear Phishing Examples And The Red Flags You Missed Feb 4, 2026 ](/blog/12-real-world-spear-phishing-examples-and-the-red-flags-you-missed/)[ Foundational 1m A Big Part of the Phishing Problem is You Sep 17, 2019 ](/blog/a-big-part-of-the-phishing-problem-is-you/)[ Foundational 4m A Brief Email Security & Phishing Safety Guide, Useful for IT and Email Administrators Apr 1, 2021 ](/blog/a-brief-email-security-and-phishing-safety-guide-useful-for-it-and-email-administrators/) ```json {"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]} ``` ```json {"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}} ``` ```json {"@context":"https://schema.org","@type":"BlogPosting","headline":"8 million Android users fell prey to SpyLoan malware on Google Play Store","description":"  Android users, do you think apps that you download from the Google Play Store are completely secure and harmless?","url":"https://phishprotection.com/blog/8-million-android-users-fell-prey-to-spyloan-malware-on-google-play-store/","datePublished":"2024-12-05T04:52:38.000Z","dateModified":"2026-04-17T15:43:10.000Z","dateCreated":"2024-12-05T04:52:38.000Z","author":{"@type":"Person","@id":"https://phishprotection.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://phishprotection.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://phishprotection.com/blog/8-million-android-users-fell-prey-to-spyloan-malware-on-google-play-store/"},"articleSection":"foundational","keywords":"Phishing Awareness","wordCount":568,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/2024/12/phishing-attack-prevention-7784.jpg","caption":"Phish Protection blog post image","width":1200,"height":630},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}} ``` ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://phishprotection.com/blog/"},{"@type":"ListItem","position":3,"name":"Foundational","item":"https://phishprotection.com/foundational/"},{"@type":"ListItem","position":4,"name":"8 million Android users fell prey to SpyLoan malware on Google Play Store","item":"https://phishprotection.com/blog/8-million-android-users-fell-prey-to-spyloan-malware-on-google-play-store/"}]} ```