Suicidal Instant Loan Apps — Repository for Mobile Malware Researchers
Internet is flooded these days with instant loan apps, most of them which are unregulated entities. RBI has recently come up with a notification on regulating illegal digital lending after issue become too grave that large number of suicides have taken place. (https://www.businessinsider.in/india/news/rbi-tightens-norms-for-chinese-lending-apps/articleshow/93629917.cms)
I have collated list of many such apps (will keep updating) with their virustotal link based on common detection parameters mentioned.
Malware analysts can refer the same to suggest any recommendation in dealing with the.
Interesting Observations in App:
- Liveness Detection Service
- Use of Alibaba & AWS Cloud
- ESET-Nod32 — One of best AV to flag them (Thansk to https://twitter.com/LukasStefanko)
- Payment Gateway Integrations
- International Domains (.cn, .qq, baidu etc)
- Uses all android permissions (location, storage, contacts etc) for collateral.
- Uses Cloudflare to original hosting
- Mandatory OTP based authentication (dynamic analysis). SMS comes from random SMS header registered on DLT.
- Fake reviews and extreme negative reviews in App Store
- Boosted by Advertisement in App and Search
- Sent over SMS directly
Indicative List of Instant Loan Apps:
https://www.virustotal.com/gui/file/091dfebbdf8cebc0631208f56b348441b2a21eb660dde8c2d625d542b2d3dca9
https://www.virustotal.com/gui/file/0b776ef94ab8b430249ceca2bb21d76b4d91d837995d94705d86d8f3356e7b59
https://www.virustotal.com/gui/file/0e68fa586f18872c79a224f4ec9aaba7321e7f3cefe2d4a1c09f5194c11d4781
https://www.virustotal.com/gui/file/805520c12893db68791140e63def7d58034565362f9cee4a96dadc3043f430ef
https://www.virustotal.com/gui/file/3a1195c45c21845db4943e13e95234ee3a63cf185c83f88a6022cfbbcf202d97
https://www.virustotal.com/gui/file/75e929d67bed4c941b9cd31e442da39f84eb53708b0513d10c1abf6b004a1c12
https://www.virustotal.com/gui/file/0204bd9d4c5a748bec9c5d333b16466eae6f84ba42e8a834b9ba73f38e51f8a8
https://www.virustotal.com/gui/file/29b7f45e3b0b9cac61959f529437b2910d60061c635eee048904498f675df804
Older Ones (Banned by RBI)
https://www.virustotal.com/gui/file/ea827c84a4076eebe2944b47f12e43a18ac2206880a9022e19b21efc0d29050d
https://www.virustotal.com/gui/file/a0292fe83b669def19dd8690e9ce6f4563fd807ccf3dac946447aca02c8e07ad
https://www.virustotal.com/gui/file/51acaa4a8c2bdc2c4dc74f392b80281af1c3f3ea1c720471193ac1aca263d277
https://www.virustotal.com/gui/file/7c6f128d93b74b17d2a2988e6528b833f9a2f190a7f4a587d440e9b2554c9146
https://www.virustotal.com/gui/file/62aa5986dbcbf56d628e0442d39b6b8cc4cf1629858af82ab8ac69a2e5d3cac2
Flagging issue is easier. Getting to the solution keeping in mind Laws, manpower, implementation feasibility, scale, not impacting genuine ones is most difficult task
Do provide some unique suggestions..
************
