Certain mobile financial apps offer seemingly legitimate microlending services, however, they were found to engage in scam and collect personal data from users’ smartphones. These apps request access to text messages, contacts and photos/videos before a loan can be provided. In case the user delays the debt payment, app operators may use the data collected from the smartphone for blackmailing and forcing the user to return the debt. For instance, information can be dispatched to all of the user’s contacts informing them of the user’s debt accompanied by photos from the gallery.
“The threat landscape evolves, and mobile financial cyberthreats become more sophisticated and pervasive. While downloading smartphone apps from official app stores is less risky than obtaining them from elsewhere, apps can still request the user to give access to different types of personal data that could then be misused. As smartphones are used to store an increasing amount of personal data, granting access to it raises security concerns and places additional demand on the security of mobile devices and privacy-preserving ways of storing the data,” comments Igor Golovin, Malware Analyst at Kaspersky.
To protect yourself from mobile threats, Kaspersky shares the following recommendations: