
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/spyloan-a-global-threat-exploiting-social-engineering/
Submission: On November 27 via api from IN — Scanned from CA



SPYLOAN: A GLOBAL THREAT EXPLOITING SOCIAL ENGINEERING



McAfee Labs

Nov 25, 2024

16 MIN READ

Authored by: Fernando Ruiz

The McAfee mobile research team recently identified a significant global
increase in SpyLoan apps, also known as predatory loan apps, on Android. These
PUP (potentially unwanted program) applications use social engineering tactics
to trick users into providing sensitive information and granting extra mobile
app permissions, which can lead to extortion, harassment, and financial loss.

During our investigation of this threat, we identified fifteen apps with a
combined total of over eight million installations. This group of loan apps
shares a common framework to encrypt and exfiltrate data from a victim’s device
to a command and control (C2) server using a similar HTTP endpoint
infrastructure. They are localized for targeted territories, mainly in South
America, Southern Asia, and Africa, with some of them being promoted through
deceptive advertising on social media.

McAfee is a member of the App Defense Alliance focused on protecting users by
preventing threats from reaching their devices and improving app quality across
the ecosystem. We reported the apps discovered to Google who have notified the
developers that their apps violate Google Play policies and fixes are needed to
come into compliance. Some apps were suspended from Google Play while others
were updated by the developers. 

McAfee Mobile Security detects all of these apps as Android/PUP.SpyLoan under
our PUP policy. Even after some apps were updated to reduce their permission
requirements and the harvesting of sensitive information, they still pose a
risk to users’ privacy because of the potentially unethical practices of their
operators, who are not licensed or registered with the authorities that
regulate financial services in each jurisdiction where they operate.

 



Figure 1: Examples of SpyLoan apps recently distributed on Google Play

Since 2020, SpyLoan has become a consistent presence in the mobile threat
landscape. However, our telemetry indicates a rapid surge in their activity
recently. From the end of Q2 to the end of Q3 2024, the number of malicious
SpyLoan apps and unique infected devices increased by over 75%.


UNDERSTANDING THE THREAT


WHAT ARE SPYLOAN APPS?

SpyLoan apps are intrusive financial applications that lure users with promises
of quick and flexible loans, often featuring low rates and minimal requirements.
While these apps may seem to offer genuine value, the reality is that these apps
primarily exist to collect as much personal information as possible, which they
then may exploit to harass and extort users into paying predatory interest
rates. They employ questionable tactics, such as deceptive marketing that
highlights time-limited offers and countdowns, creating a false sense of urgency
to pressure users into making hasty decisions. Ultimately, rather than providing
genuine financial assistance, these apps can lead users into a cycle of debt and
privacy violations. 

While the specific behavior may vary by country, these apps share common
characteristics and code at the app and infrastructure level:

 * Distribution via Official App Stores: Despite violating policies, these apps
   often slip through app store vetting processes and are available on platforms
   like Google Play, making them appear trustworthy.
 * Deceptive Marketing: They use names, logos, and user interfaces that mimic
   reputable financial institutions to gain credibility. Often these loan apps
   are promoted by ads on social media networks.



Figure 2: Ad for a SpyLoan app

“High amount of loan” ad on Facebook for the app “Presta Facil: Revision
Rapida”, which translates to “Easy Loan: Fast Approval”, detailing interest
rates, amount, period, etc. for a loan in Colombian pesos.

 * Similar user flow: After first execution, a privacy policy is displayed with
   details of what information will be collected. A countdown timer then
   creates a sense of urgency to apply for the loan offer. To continue, the
   user must enter a phone number with the country code of the targeted
   territory and a one-time password (OTP) received by SMS, which authenticates
   the user and validates that the user has a phone number from the targeted
   country.

SpyLoan apps are consistent in this onboarding process. The navigation bar and
app actions are also very similar: the graphics differ, but the features are
the same in their respective localized languages.



Figure 3:  Example of privacy terms on two different SpyLoan apps, one targeting
Indonesia (left) named “KreditKu-Uang Online” and another targeting Mexico
(right) named “Préstamo Seguro-Rápido, Seguro”.

Both apps have in common a framework that shares the user interface, user flow
and encryption libraries with techniques for communication with C2
infrastructure, while the operators have different locations, languages and
target countries.

 * Privacy agreements: These apps have similar but not identical privacy terms.
   In general they describe and justify the sensitive data to be collected as
   part of the user identification process and anti-fraud measures.
   * They require users to consent to the collection of excessive and
     exploitative data that a formal financial institution would not normally
     require, such as SMS message content, call logs and contact lists.
   * The contact information of the financial institution uses a free email
     service domain like Gmail or Outlook, like a personal email address, not
     one from a formal and legal financial institution.
   * The websites hosting the privacy terms of these SpyLoan apps are built
     with the same web framework, using JavaScript to dynamically load the
     content of the terms; this text is not available in the HTML files
     directly.

 * Excessive Permission Requests: Upon installation, they request permissions
   that are unnecessary for a loan app, such as access to contacts, SMS,
   storage, calendar, phone call records and even microphone or camera.

Common permissions on SpyLoan applications can be:

 * permission.CAMERA
 * permission.READ_CALL_LOG
 * permission.READ_PHONE_STATE
 * permission.ACCESS_COARSE_LOCATION
 * permission.READ_SMS
Depending on the implementation and distribution method they can include more
sensitive permissions.

 * Enticing Offers: Promising quick loans with minimal requirements to attract
   users in urgent financial situations. A countdown might be displayed to
   increase the sense of urgency.



Figure 4: Three different apps, from different developers offering the same
initial countdown onboarding screen: Offering an “85% approval rate” in
different languages with a countdown.

 * Phone Validation via SMS OTP: To complete the registration, a phone number
   with the country code of the target country is required to validate that the
   user’s phone is in the territory. A one-time password (OTP) is received via
   text message to proceed with the registration.

 * Data Collection: Users are prompted to provide sensitive legal
   identification documents and personal information, banking accounts and
   employment information, along with device data that is exfiltrated from the
   victim’s device.


IMPACT ON USERS


FINANCIAL EXPLOITATION

 * Hidden Fees and High Interest Rates: Users receive less than the promised
   loan amount but are required to repay the full amount plus exorbitant fees
   within a short period.
 * Unauthorized Charges: Some apps initiate unauthorized transactions or charge
   hidden fees.


PRIVACY VIOLATIONS

 * Data Misuse: Personal information is exploited for blackmail or sold to third
   parties. This might include sextortion with victims’ pictures that can be
   exfiltrated or created with AI.
 * Harassment and Extortion: Users and their contacts receive threatening
   messages or calls including death threats.


EMOTIONAL AND PSYCHOLOGICAL DISTRESS

 * Stress and Anxiety: Aggressive tactics cause significant emotional harm.
 * Reputational Damage: Public shaming can affect personal and professional
   relationships.

Back in 2023, media in Chile reported the suicide of a victim of fake loans
after harassment and threats against her friends and family and against her own
integrity.


DATA EXFILTRATION ANALYSIS

The group of SpyLoan applications reported in this blog belongs to the family
identified by McAfee as Android/SpyLoan.DE. It transmits the collected
information to the command and control (C2) server over HTTPS, encrypted using
AES (Advanced Encryption Standard) with 128-bit keys, then Base64-encoded, and
optionally with a hardcoded padding added.

The encryption key and initialization vector (IV) are hardcoded into the
obfuscated application code.



Figure 5: Encryption key and IV hardcoded in SpyLoan variant

SpyLoan uses this same encryption routine to hide sensitive strings in
resources.xml that lead to data exfiltration, for example:

 * String skadnjskdf in resources.xml:
   * <string name="skadnjskdf">501tm8gR24S8F8BpRDkvnw==</string>
 * The AES-decrypted value, using the same encryption routine implemented for
   data exfiltration:
   * <string name="skadnjskdf">content://sms/</string>

This string is used to construct a content URI that gives access to SMS
messages. The code extracts fields such as date, address (sender/recipient),
message body, status, etc., and formats them into JSON, which is then encrypted
again and sent to the C2.
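
One way to triage a decoded string-resource file for values hidden this way, as an added example that is not from the McAfee article or the SpyLoan code: it flags strings that are valid Base64 and decode to a whole number of 16-byte AES blocks of mostly non-printable bytes. The sample XML is constructed around the one encrypted string quoted above; the other entries, the function names and the 0.8 printable threshold are assumptions.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

AES_BLOCK = 16            # AES block size in bytes
PRINTABLE_CUTOFF = 0.8    # assumed threshold: above this the value is treated as plain text

# Constructed sample. Only the "skadnjskdf" entry comes from the article;
# every other entry is invented to exercise the non-matching paths.
SAMPLE_STRINGS_XML = """<resources>
    <string name="app_name">Quick Loan</string>
    <string name="skadnjskdf">501tm8gR24S8F8BpRDkvnw==</string>
    <string name="btn_ok">Send</string>
    <string name="support_hint">Contact support today</string>
    <string name="build_tag">cmVsZWFzZS1idWlsZC0yMDI0</string>
    <string name="token_sample">MDEyMzQ1Njc4OWFiY2RlZg==</string>
</resources>
"""


def candidate_ciphertext(value):
    """Return the decoded bytes if value looks like Base64-wrapped AES output, else None."""
    text = value.strip()
    if not text or len(text) % 4:
        return None
    try:
        # validate=True rejects spaces and any character outside the Base64 alphabet
        raw = base64.b64decode(text, validate=True)
    except (binascii.Error, ValueError):
        return None
    # Block-cipher output is always a whole number of blocks
    if not raw or len(raw) % AES_BLOCK:
        return None
    # Base64 of ordinary text decodes to printable bytes; ciphertext does not
    printable = sum(0x20 <= b <= 0x7E for b in raw)
    if printable / len(raw) > PRINTABLE_CUTOFF:
        return None
    return raw


def triage_strings_xml(xml_text):
    """Return (resource name, number of AES blocks) for each suspicious <string>."""
    root = ET.fromstring(xml_text)
    findings = []
    for node in root.iter("string"):
        raw = candidate_ciphertext(node.text or "")
        if raw is not None:
            findings.append((node.get("name"), len(raw) // AES_BLOCK))
    return findings


if __name__ == "__main__":
    for name, blocks in triage_strings_xml(SAMPLE_STRINGS_XML):
        print(f"{name}: {blocks} AES block(s), review the code that reads this resource")
```

A hit is only a lead for manual review: the heuristic cannot decrypt anything, and legitimate apps also ship binary blobs in Base64.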



Figure 6: Code section that exfiltrates all SMS messages from Victim’s device

Exfiltrated data is posted to the C2 via HTTP POST inside an encrypted JSON
object. The URLs of the endpoints used to collect sensitive data share the same
structure across different SpyLoan applications. They use the same URL scheme,
which can be detected by this regex:

^https:\/\/[a-z0-9.-]+\/[a-z]{2,}-gp\/[a-z0-9]+\/[a-z0-9]+$

Some examples of C2 URLs that match this scheme:

 * hxxps://su.mykreditandfear.com/her-gp/kgycinc/wjt
 * hxxps://hx.nihxdzzs.com/dz-gp/cfmwzu/uyeo
 * hxxps://prep.preprestamoshol.com/seg-gp/pdorj/tisqwfnkr
 * hxxps://tlon.pegetloanability.com/anerf-gp/jwnmk/dgehtkzh
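
The regex above applied to proxy logs, as an added example that is not part of the McAfee article: it refangs and normalizes each URL before matching. The log format, the .example hosts and the function names are constructed for illustration; the four defanged URLs are the ones listed above.

```python
import re
from urllib.parse import urlsplit

# Regex quoted in the article for the shared C2 endpoint URL scheme.
C2_URL_RE = re.compile(
    r"^https:\/\/[a-z0-9.-]+\/[a-z]{2,}-gp\/[a-z0-9]+\/[a-z0-9]+$"
)

# The article's example URLs, kept defanged in source and refanged only in memory.
ARTICLE_EXAMPLES = [
    "hxxps://su.mykreditandfear.com/her-gp/kgycinc/wjt",
    "hxxps://hx.nihxdzzs.com/dz-gp/cfmwzu/uyeo",
    "hxxps://prep.preprestamoshol.com/seg-gp/pdorj/tisqwfnkr",
    "hxxps://tlon.pegetloanability.com/anerf-gp/jwnmk/dgehtkzh",
]

# Constructed proxy log (hypothetical format: time, client, method, URL, status).
SAMPLE_PROXY_LOG = """\
2024-11-27T10:01:02Z 10.0.0.5 POST https://api.fastloan.example/abc-gp/qwerty/zxcv 200
2024-11-27T10:01:05Z 10.0.0.5 GET https://www.example.org/blog/post/1 200
2024-11-27T10:02:11Z 10.0.0.9 POST HTTPS://C2.Loan-App.example/xy-gp/aa1/bb2?t=1 200
2024-11-27T10:03:40Z 10.0.0.7 GET https://cdn.example.net/img-gp/a/b/c 200
2024-11-27T10:04:00Z 10.0.0.7 GET http://plain.example/ab-gp/aa/bb 200
"""


def refang(url):
    """Undo the common hxxp / [.] defanging used in threat reports."""
    return url.strip().replace("hxxp", "http", 1).replace("[.]", ".")


def normalize(url):
    """Lower-case scheme and host, drop port, query and fragment; keep the path as is.

    Dropping the query string is a choice made here so that the anchored
    regex still matches when a client appends parameters.
    """
    parts = urlsplit(refang(url))
    host = parts.hostname or ""   # hostname is already lower-cased by urlsplit
    return f"{parts.scheme}://{host}{parts.path}"


def matches_scheme(url):
    """True if the URL fits the C2 endpoint scheme described in the article."""
    return C2_URL_RE.match(normalize(url)) is not None


def scan_proxy_log(text):
    """Return (client, host) for every log line whose URL fits the scheme."""
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue              # skip lines that are not in the expected format
        _ts, client, _method, url, _status = fields
        if matches_scheme(url):
            hits.append((client, urlsplit(refang(url)).hostname))
    return hits


if __name__ == "__main__":
    for client, host in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(f"{client} contacted {host} (URL fits the SpyLoan endpoint scheme)")
```

The pattern is structural, so a match is a reason to look at the device and the app that made the request, not proof of infection.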

Using the same technique and obfuscation methods, SpyLoan samples hide in their
code the ability to exfiltrate large amounts of sensitive data from their
victims, including:

 * Call Logs: Collects call log data from the device if permissions are granted
   * Number: The phone number of the caller
   * Type: Type of call (incoming, outgoing, missed)
   * Duration: The duration of the call
   * Date: The timestamp of the call
   * Name: The name of the contact (if available)
 * Files in download directory with metadata: file name, extension, file size,
   last modified timestamp
 * All accounts on the device, emails and social media accounts.
 * Information about all apps installed

Other miscellaneous information collected:

 * Device and Network information:
   * Subscriber ID
   * DNS Information
   * Device ID (IMEI)
   * MAC address
   * Country code
   * Network Operator Name
   * Language
   * Network Type (Wi-Fi, 4G, 3G, etc.)
   * Phone number
   * Locale information (country code, display language)
   * Time Zone
   * Development Settings (enable or disable)
   * Phone Type (GSM, CDMA)
   * Elapsed Real-Time (The elapsed time since device was booted)
   * Proxy Configuration
 * SIM Information
   * SIM country ISO Code
   * SIM Serial Number (ICCID)
 * Location:
   * Permission: It checks for ACCESS_COARSE_LOCATION
   * Location provider: Check if GPS or network location are available
   * Last known location: Latitude or longitude
   * Geocoding information (converts latitude and longitude into a structured
     address):
     * Country name
     * Administrative area
     * City
     * Street
     * Address Line
   * Device configuration
     * Number of images: It counts the number of images files in external
       storage
     * Test Mode: reports if the device is in test mode
     * Keyboard Configuration
     * Current time
     * Enabled accessibility services flag
   * OS Settings:
     * Android version details (version, sdk level, fingerprint, id, display
       build)
     * Hardware information (device name, product name, device model, hardware
       details, device brand, board info, device serial number)
     * System configuration (bootloader version, build host, build user, CPU
       info)
     * Network (radio version, system type, build tags)
   * Storage Information:
     * External storage path, size,
     * Internal storage: total size, available size.
     * Memory information: total RAM, available RAM
   * Sensor data

Data from sensors such as accelerometers, gyroscopes, magnetometers if available
on the affected device. This information includes:

 * Sensor type, sensor name, version, vendor, maximum range, minimum delay,
   power consumption, resolution.

Sensor data can be used for device fingerprinting and user’s behavioral
monitoring.

 * Battery Information:
   * Battery level
   * Battery status: Indicates if the device is plugged in
   * Other battery metadata: health, if present, voltage, battery technology,
     type, etc.
 * Audio settings (maximum and current volume levels)


VICTIM EXPERIENCES

Users have reported alarming experiences, such as:

 * Receiving threatening calls and death threats for delayed payments.
 * Having personal photos and IDs misused to intimidate them.
 * Having the app access their contacts to send harassing messages to friends
   and family.

Typical comments on fake loan apps:

For example, “Préstamo Seguro-Rápido, Seguro” had many fake positive reviews on
Google Play, alongside a few consistent user reviews that alleged abuse of the
collected data, extortion and harassment.

 



Figure 7: User reviews in Spanish

 

October 18, 2024



I do not recommend this app. They start calling and threatening you with edited
photos and posting them on social media, even sending them to your contacts, a
day before. Even when it’s not the due date. Not recommended at all! Pure fraud
and extortion.

September 25, 2024



Horrible app, they don’t show you how much interest they will charge, which is a
lot, and before the payment date arrives, they start threatening your contacts
and even send you personal messages with threats and foul language, threatening
to extort your family.

Meanwhile other apps receive similar negative comments:



Figure 8: Comments on SpyLoan apps


GLOBAL IMPACT OF SPYLOANS APPS


WORLDWIDE ISSUE WITH LOCAL VARIATIONS



Figure 9: Global prevalence of SpyLoan apps

These threats are not confined to a single region; they’ve been reported
globally with localized adaptations. Predatory loan app activity has been
identified worldwide and is not limited to the variants technically described
in this post. The following incidents provide wider context on the impact of
this threat:

 * Asia:
   * India: Users faced harassment and data leaks from apps misusing granted
     permissions. Authorities have taken action against such apps.
   * Southeast Asia: Countries like Thailand, Indonesia, Vietnam and Philippines
     have reported significant issues with these apps exploiting users’
     financial vulnerabilities.
     * Bank of Thailand advise center
 * Africa:
   * Nigeria, Kenya, Uganda: Similar apps have led to financial fraud and
     unauthorized transactions, targeting a large unbanked population.
 * Latin America:
   * Mexico, Colombia, Chile and Peru: Users have reported threats and
     harassment, with apps misusing personal data for extortion.

Ranking of top 10 countries with highest prevalence of Fake Loans apps according
to McAfee telemetry Q3 2024:

 * India
 * Mexico
 * Philippines
 * Indonesia
 * Thailand
 * Kenya
 * Colombia
 * Vietnam
 * Chile
 * Nigeria


LAW ENFORCEMENT ACTIONS

According to a report by the Judiciary of Peru, authorities conducted a major
raid on a call center engaged in extortion and the operation of fake loan apps
targeting individuals in Peru, Mexico, and Chile. 

The police reported that over 300 individuals were linked to this criminal
operation, which had defrauded at least 7,000 victims across multiple
countries. 

The call center employees were trained specifically to extort victims. Using
information collected from the SpyLoan apps, they threatened users to extract as
much money as possible by imposing inflated interest rates and additional fees. 

Meanwhile in Chile, the Commission for the Financial Market (CMF) highlights on
its website tens of fraudulent credit applications that have been distributed
on Google Play; the National Consumer Service (SERNAC) also reports more cases.

In May 2024, the Chilean police detained over 25 people linked to one fake loan
operation that scammed over 2,000 victims, according to La Tercera.

Despite these efforts, the activity of these malware applications continues and
increases in South America and the rest of the world.


CONCLUSION

The threat of Android apps like SpyLoan is a global issue that exploits users’
trust and financial desperation. These apps leverage social engineering to
bypass technical security measures and inflict significant harm on individuals.
Despite law enforcement actions to capture multiple groups linked to the
operation of SpyLoan apps, new operators and cybercriminals continue to exploit
these fraud activities, especially in South America, Southeast Asia and Africa.

SpyLoan apps operate with similar code at the app and C2 level across different
continents; this suggests the presence of a common developer or a shared
framework that is being sold to cybercriminals. This modular approach allows these
developers to quickly distribute malicious apps tailored to various markets,
exploiting local vulnerabilities while maintaining a consistent model for
scamming users.

By reusing code and tactics, they can efficiently target different countries,
often evading detection by authorities and creating a widespread problem that is
difficult to combat. This networked approach not only increases the scale of the
threat but also complicates efforts to trace and shut down these operations, as
they can easily adapt and relocate their operations to new regions.

By understanding how these malicious apps operate and taking proactive steps to
protect ourselves, we can mitigate the risks and help others do the same.


HOW TO PROTECT YOURSELF: TIPS AND RECOMMENDATIONS


BE CAUTIOUS WITH PERMISSIONS

 * Review Permissions Carefully: Be wary of apps requesting permissions that
   seem unnecessary for their function.
 * Limit Permissions: Deny permissions that are not essential.


VERIFY APP LEGITIMACY

 * License and Registration: Ensure the institution is registered and licensed
   to operate in your country. Verify with your financial regulator’s authority
   or consumer protection agency.
 * Read User Reviews: Look for patterns of complaints about fraud or data
   misuse. Pay special attention to apps with polarized reviews, which might
   contain fake positive reviews.
 * Research the Developer: Look up the developer’s name, website, and reviews.
   Even if the app has a privacy policy, which is mandatory on Google Play,
   it might not be honored by scammers.


USE SECURITY MEASURES

 * Install Security Software: Use reputable antivirus and anti-malware apps.
 * Keep Your Device Updated: Regular updates can protect against
   vulnerabilities.


PRACTICE SAFE ONLINE BEHAVIOR

 * Don’t Share Sensitive Information: Provide personal data only to trusted and
   verified entities.
 * Be Skeptical of Unrealistic Offers: If it sounds too good to be true, it
   probably is.


REPORT SUSPICIOUS ACTIVITY

 * Notify App Stores: Report fraudulent apps to help protect others.
 * Contact Authorities: If you’re a victim, report the incident to local law
   enforcement or cybercrime units.


IOC

| Package | App Name | Downloads | Country | SHA256 |
|---|---|---|---|---|
| com.prestamoseguro.ss | Préstamo Seguro-Rápido, seguro | 1M | Mexico | f71dc766744573efb37f04851229eb47fc89aa7ae9124c77b94f1aa1ccc53b6c |
| com.voscp.rapido | Préstamo Rápido-Credit Easy | 1M | Colombia | 22f4650621fea7a4deab4742626139d2e6840a9956285691b2942b69fef0ab22 |
| com.uang.belanja | ได้บาทง่ายๆ-สินเชื่อด่วน | 1M | Senegal | b5209ae7fe60abd6d86477d1f661bfba306d9b9cbd26cfef8c50b81bc8c27451 |
| com.rupiahkilat.best | RupiahKilat-Dana cair | 1M | Senegal | 9d51a5c0f9abea8e9777e9d8615bcab2f9794b60bf233e3087615638ceaa140e |
| com.gotoloan.cash | ยืมอย่างมีความสุข – เงินกู้ | 1M | Thailand | 852a1ae6193899f495d047904f4bdb56cc48836db4d57056b02352ae0a63be12 |
| com.hm.happy.money | เงินมีความสุข – สินเชื่อด่วน | 1M | Thailand | 43977fce320b39a02dc4e323243ea1b3bc532627b5bc8e15906aaff5e94815ee |
| com.kreditku.kuindo | KreditKu-Uang Online | 500K | Indonesia | dfbf0bf821fa586d4e58035ed8768d2b0f1226a3b544e5f9190746b6108de625 |
| com.winner.rupiahcl | Dana Kilat-Pinjaman kecil | 500K | Indonesia | b67e970d9df925439a6687d5cd6c80b9e5bdaa5204de14a831021e679f6fbdf1 |
| com.vay.cashloan.cash | Cash Loan-Vay tiền | 100K | Vietnam | e303fdfc7fd02572e387b8b992be2fed57194c7af5c977dfb53167a1b6e2f01b |
| com.restrict.bright.cowboy | RapidFinance | 100K | Tanzania | e59fd9d96b3a446a2755e1dfc5a82ef07a3965866a7a1cb2cc1a2ffb288d110c |
| com.credit.orange.enespeces.mtn.ouest.wave.argent.tresor.payer.pret | PrêtPourVous | 100K | Senegal | 453e23e68a9467f861d03cbace1f3d19909340dac8fabf4f70bc377f0155834e |
| com.huaynamoney.prestamos.creditos.peru.loan.credit | Huayna Money – Préstamo Rápido | 100K | Peru | ef91f497e841861f1b52847370e2b77780f1ee78b9dab88c6d78359e13fb19dc |
| com.credito.iprestamos.dinero.en.linea.chile | IPréstamos: Rápido Crédito | 100K | Chile | 45697ddfa2b9f7ccfbd40e971636f9ef6eeb5d964e6802476e8b3561596aa6c2 |
| com.conseguir.sol.pe | ConseguirSol-Dinero Rápido | 100K | Peru | 79fd1dccfa16c5f3a41fbdb0a08bb0180a2e9e5a2ae95ef588b3c39ee063ce48 |
| com.pret.loan.ligne.personnel | ÉcoPrêt Prêt En Ligne | 50K | Thailand | 27743ab447cb3731d816afb7a4cecc73023efc4cd4a65b6faf3aadfd59f1768e |

 

INTRODUCING MCAFEE+

Identity theft protection and privacy for your digital life

Download McAfee+ Now



Stay Updated

Follow us to stay updated on all things McAfee and on top of the latest consumer
and mobile security threats.


McAfee Labs Threat Research Team

McAfee Labs is one of the leading sources for threat research, threat
intelligence, and cybersecurity thought leadership. See our blog posts below for
more information.


Copyright © 2024 McAfee, LLC