BleepingComputer reports that more than 100,000 downloads have been amassed by the India-targeted financial management app concealing the SpyLend Android malware exfiltrating data for predatory lending before its removal from the Google Play store.Installing the app enables the exfiltration of contacts, call logs, device information, SMS messages, internal and external storage documents, photos, and videos, IP addresses, live location tracking, and historical location information. It also includes the 20 most recent text entries devices' clipboards and loan history and banking text messages, which are later leveraged to extort individuals who sought loans, an investigation from CYFIRMA revealed."The Finance Simplified app appears to target Indian users specifically by displaying and recommending loan applications, loading a WebView that shows a loan service that redirects to an external website where a separate loan APK file is downloaded," said CYFIRMA researchers, which noted similar malicious activity in the PokketMe, KreditApple, and StashFur apps.
