Android Phone with malicious apps

If you’ve recently downloaded a financial loan app and notice your Android device acting strangely, you may have inadvertently downloaded SpyLoan malware.

SpyLoan malware has recently emerged as a growing concern to Android users, and it can pose a significant risk to your personal data.

This Android malware disguises itself as legitimate loan apps, often promising quick and easy access to loans. However, upon installation, these apps secretly steal your information, including device information, contacts, and more. With 12 million downloads on Google Play, it’s putting millions of Android users at risk.

This guide will give you an overview of what SpyLoan malware is and how to protect yourself.

What is SpyLoan malware?

SpyLoan malware is a type of Android trojan that disguises as a legitimate financial loan application. It has been found to be distributed through third-party app stores, various websites, and Google Play. The malware is designed to trick users into installing it by offering them quick and easy access to loans.

Once installed, SpyLoan malware can steal sensitive information from the user’s device, including calendar events, contact lists, photo and video metadata, Wi-Fi networks, and more, as detailed by cybersecurity company ESET. Moreover, the scammers promoted apps through SMS messages and social media platforms, including Facebook, Twitter (X), and YouTube.

SpyLoan was first detected in 2020 but has recently seen a spike in activity since January 2023. The scam apps are known to target victims in Southeast Asia, Africa, and Latin America. Since its detection, iOS apps on the Apple App Store have also been identified. However, these were taken down in 2022.

ESET researchers notified Google of dangerous SpyLoan apps on Google Play, with the search giant taking down 17 infected apps. Altogether, the apps had more than 12 million downloads.

How can I protect myself from SpyLoan malware?

The SpyLoan malware has been spread around apps and websites, and has been promoted on social media platforms. Defend against installing SpyLoan-infected apps with the following:

  • Be wary of apps that offer quick and easy access to loans.
  •  Only download apps from official app stores, such as Google Play. However, look at user reviews and requested permissions on these apps for suspicious behaviour.
  •  Avoid clicking on suspicious links or downloading attachments from unknown senders and websites.
  •  Keep your Android device up to date with the latest security patches.
  •  Use antivirus software such as Norton 360 to detect and remove malware threats.

How to detect and remove SpyLoan malware

  • It can be difficult to know if you’ve installed a SpyLoan-infected app on your Android, especially if it has millions of downloads on an official store like Google Play. After all, threat actors have designed it to steal your data sneakily.
SpyLoan malware apps on Android and iOS
SpyLoan malware apps on Android and iOS via ESET

However, if you’ve recently installed a financial app (example above) and notice suspicious behaviour, it’s best to remove it safely.

  1. Safely remove an app on Android

    Android Safe Mode Remove app

    To safely remove an app on your Android, you need to use Safe Mode.

    On your Android, press the necessary buttons to turn off your device. Tap and hold the Power off icon. Press OK to reboot to safe mode. This will restart your device.

    Once restarted, head to Settings and navigate to Apps. Select any suspicious apps you wish to remove. Tap Uninstall.

    Restart your device to go back to normal mode.

  2. Clear cache on Android

    Android Clear Cache to remove random apps

    Clearing your browser and app cache on your Android device will help minimize the effects of malware. Apps and browsers store your online activities, and malicious software can use this to cause more harm.

    To clear app cache, head to Settings on your Android. Select Storage and choose Apps. Select an app then tap Clear cache.

    It’s also a good idea to clear cache on Google Chrome.

    To do this, open the Chrome browser and tap the three vertical dots in the upper-right corner. Select Settings then tap Privacy and security. Select Clear browsing data.

    To just clear cache, uncheck Browsing history and Cookies and site data. Tap Clear data.

  3. Change your passwords

    Norton 360 Password Manager

    If you’re noticing changes to your account or believe your information as been leaked, you’ll need to change your passwords for each online account you have.

    Using password managers such as LastPass or 1Password can help manage all your passwords in one place, create a complex, near-unbreakable master password and encrypt your information. 

    Changing passwords will stop hackers from trying to steal any sensitive information and your online accounts. 

  4. Use antivirus software

    Norton 360 antivirus on Android phone

    The best way to get rid of malware on Android is to use the best antivirus software.

    Many free malware removal apps will dispatch malicious software on your device, but it’s a good idea to make sure these tools are trustworthy, as hackers can also disguise these apps on the Google Play Store to deploy even more malware.

    The best antivirus apps come with a suite of security features that can eliminate viruses, malware, ransomware, spyware or any malicious software that burrows into your Android. Some antivirus software, such as Norton 360 (from $19.99/year), offers security subscriptions specifically for Android, making it a more cost-effective option for those who only need Android protection.

    We also recommend free apps from known cybersecurity companies, including Avast OneAVG and Malwarebytes Mobile Security. These will detect and remove malicious software on your Android. 

Signs of SpyLoan malware

While Google has removed several known SpyLoan apps from its store, they can still be distributed in third-party app stores, various websites, and social media. More apps can also be developed with the SpyLoan trojan.

If you notice a suspicious platform offering easy-access loans, be sure to stay away from them. There are also signs that your Android device is infected, including:

  • Your device is slower than usual and crashes frequently.
  •  Your browser is slower than usual and crashes frequently.
  •  Browsing through websites takes longer.
  •  You need to recharge your device more often.
  •  Apps take longer to load.
  •  There’s an unknown app or software on your device you didn’t download.
  •  Pop-up ads appear more frequently.
  •  Your Android is overheating.

Check for unfamiliar apps

With over 3 million apps on the Google Play Store, it’s common for Android users to download dozens of apps for different use cases and eventually forget they are installed. Unfortunately, hackers exploit this by hiding malware-infected apps in plain sight. Once an app is installed, threat actors can update apps to change the icon image and title or hide the app on your Android’s home screen.

Scroll through all your Android apps in the App Drawer and check for unfamiliar apps you don’t remember installing.

Check your battery life

Malware is known to use your Android device’s resources in the background, making it harder for users to detect malicious activity. On a mobile device, this can deplete its daily battery life. If your Android’s battery life is running out sooner than expected, it’s worth checking Battery settings to see if an app is causing the issue.

Head into Settings > Battery > Battery Usage to check if any unfamiliar apps are consuming a high amount of your Android’s battery life.

Watch out for pop-up ads

While pop-up advertisements are inevitable in apps and browsers when scrolling through websites, seeing too many is concerning.

If an app or website keeps redirecting you to different web pages and installing unwanted toolbars, extensions or plugins, it could be a sign of malicious software on your Android.

Darragh Murphy
Darragh Murphy is fascinated by all things bizarre, which usually leads to assorted coverage varying from the mischievous world of online security to washing machines designed for earbuds. Whether it's connecting Scar from The Lion King to two-factor authentication or turning his love for laptops into a fabricated rap battle from 8 Mile, he believes there’s always a quirky spin to be made. When he's not checking out the latest devices and all things tech, he can be found swimming laps, watching terrible shark movies, and trying to find time to game.  Previous Editor at Laptop Mag and News Editor at Time Out Dubai, specialising in food culture, nightlife events, gaming, tech and entertainment.


Please enter your comment!
Please enter your name here