[Update on 12/20: A Google spokesperson reached out to Laptop Mag with the following statement: "None of the identified malicious apps in the report are on Google Play. Google Play Protect (opens in new tab) checks Android devices with Google Play Services for potentially harmful apps from other sources. Google Play Protect will warn users that attempt to install or launch apps that have been identified to be malicious.]
Cybersecurity firm Zimperium discovered a harrowing new malware campaign, dubbed MoneyMonger, that uses money-lending apps as bait to lure despondent victims into its predatory-loan lair.
After goading its victims to relinquish permissions on their devices, MoneyMonger steals private information from their quarries. With this data, the malicious actors utilize social engineering and extortion tactics, forcing victims to shell out hard-earned money they didn't have in the first place.
What is MoneyMonger?
As mentioned, MoneyMonger is a relatively new malware campaign that has been active since May 2022. It uses predatory-loan apps to bait users who are in desperate need of money. One of these apps, according to Zimperium investigators, is called Fast Rupee - Online App.
The apps used in the MoneyMonger malware campaign were not found in official Android stores (e.g., Google Play Store), but they were distributed via third-party app stores, allowing users to sideload them onto their devices. The apps often promise quick money to users, but before they can receive payment, they must relinquish certain permissions on their device to prove they're in good standing to receive the loan.
"This gives the victim confidence to enable the very revealing local permissions on the devices, enabling the malicious actors to steal private information from the endpoint," the Zimperium report says. Unfortunately, this is where the harrowing nature of MoneyMonger comes into play. Now that cybercriminals have access to victims' private information, malicious actors use the data to blackmail victims into paying sky-high penalties.
MoneyMonger can access installed apps, GPS locations, SMS messages, contact information, device information, image metadata, camera, call logs, sound recordings, and more.
MoneyMonger victim pleads for help in review
Zimperium revealed a screenshot of an alarming review left by a victim of the MoneyMonger campaign:
"They are threatening me with different Whatsapp number, landline numbers, mobile numbers, and all this number are from different countries. They are torturing [a] lot and also abusing a lot. Threatening to viral my nude pictures to all my contacts, also calling my contacts and harassing them. This [app is] charging high interest and penalty pursuing us to pay the amount. Please, if you can help me in this matter. I am in a big problem. They are threatening a lot and this harassment is letting me to take a decision to live no more. [Please] help me."
According to the reviews, it seems like the MoneyMonger campaign does, indeed, give users quick money, but they are harassed into paying nearly double the initial amount they received. "I have received some amount of 15000 and they calling me and asking 25000 to repay," one said.
Whether they paid or repaid the loan, it does not matter, Zimperium said. "The malicious actors behind the predatory campaign will threaten to reveal information, call people from the contact list, and even send photos stolen from the device," the report warned.
Zimperium says it's not confident about announcing the number of victims who are affected by MoneyMonger malware, but as it stands now, unofficial app stores report that the app attracted 100,000 downloads.