SpyLoan: A Global Threat Exploiting Social Engineering
ID: 858c5050-36e3-53e3-b30f-e8ef569b45bb
STIX ID: report--858c5050-36e3-53e3-b30f-e8ef569b45bb
Feed Name: McAfee Labs Blog
McAfee Mobile Research documents a global surge of SpyLoan Android apps: predatory loan applications distributed via Google Play that request excessive permissions, harvest sensitive personal and device data, encrypt and exfiltrate it to hardcoded C2 endpoints, and are used to harass and extort victims. The report includes technical analysis (AES usage with hardcoded keys, C2 URL regex), IOCs (package names and SHA256 hashes), regional telemetry (millions of installs concentrated in South America, Southeast Asia and Africa), user impact examples, law enforcement actions, and protection recommendations.
