Malicious app removed from stores, still poses massive risks for users


RapiPlata, a malicious app that researchers found a few months ago, is no longer available on major app stores. However, it remains accessible through third-party websites and still poses a clear threat to users.

According to Harmony Mobile, a mobile security platform, RapiPlata was downloaded by over 150,000 users before it was detected, flagged as malicious by a machine learning model, and removed from both the Google Play Store and the Apple App Store.

In fact, RapiPlata even achieved a Top 20 ranking in the finance category on SimilarWeb’s platform in Colombia, indicating significant user engagement.

All of these users are now in danger: Harmony Mobile's analysis revealed that the app had extensive access to sensitive user data, including SMS messages, call logs, calendar events, and installed applications, and even uploaded this data to its servers.

Moreover, “although the app has since been removed from both Google Play and the Apple App Store, it remains accessible through third-party websites that deceptively present it as an official download from Google Play,” said Harmony Mobile.


“Its prior availability and continued distribution underscore the risks posed by malicious financial applications.”

RapiPlata’s malicious behavior has been well-documented. Victims reported being subjected to harassing messages and emails, including threats of being labeled as delinquent debtors and having their personal information accessed and released.

“These tactics, combined with misleading claims related to low-interest rates, indicate a fraudulent scheme designed to pressure victims into repaying loans they never consented to. Its prolonged presence on official app marketplaces underscores the scale of its impact,” said Harmony Mobile.

Users have been leaving damning reviews of the app online, with one commenting: “It’s a scam. I downloaded the app and didn’t even complete the registration. Hours later, I received threatening emails saying I had to pay back a loan I never received.”


Harmony Mobile’s initial research confirmed that RapiPlata exhibits characteristics typical of SpyLoan applications, including the abuse of permissions under the guise of “credit assessment,” keyword-based SMS scanning and exfiltration, and auto-downloads of malicious payloads from fake Google Play buttons.
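For defenders vetting Android loan apps, the permission pattern described above can be checked against a decoded `AndroidManifest.xml` (for example, one extracted with apktool). This is an added example, not code from Harmony Mobile or Cybernews; the permission mapping, the review threshold, and the sample manifest for a hypothetical `com.example.quickloan` package are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Data categories named in the article -> Android permissions that expose them.
# The mapping is this example's assumption, not taken from the research.
SENSITIVE = {
    "android.permission.READ_SMS": "SMS messages",
    "android.permission.RECEIVE_SMS": "SMS messages",
    "android.permission.READ_CALL_LOG": "call logs",
    "android.permission.READ_CALENDAR": "calendar events",
    "android.permission.QUERY_ALL_PACKAGES": "installed applications",
}
# Lets an app prompt the user to install APKs it has downloaded itself.
SIDELOAD = "android.permission.REQUEST_INSTALL_PACKAGES"

# Constructed sample manifest for a hypothetical loan app (not RapiPlata's).
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.quickloan">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.READ_CALENDAR"/>
  <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
</manifest>"""


def audit_manifest(manifest_xml):
    """Summarise which sensitive data categories a decoded manifest requests."""
    root = ET.fromstring(manifest_xml)
    requested = {
        node.get(ANDROID_NS + "name")
        for tag in ("uses-permission", "uses-permission-sdk-23")
        for node in root.iter(tag)
    }
    categories = sorted({SENSITIVE[p] for p in requested if p in SENSITIVE})
    can_sideload = SIDELOAD in requested
    return {
        "package": root.get("package"),
        "categories": categories,
        "can_sideload": can_sideload,
        # Assumed triage rule: three or more sensitive categories, or any
        # sensitive category combined with the ability to install packages.
        "needs_review": len(categories) >= 3 or (can_sideload and bool(categories)),
    }


if __name__ == "__main__":
    print(audit_manifest(SAMPLE_MANIFEST))
```

A positive result is a triage signal for manual review, since legitimate apps can request some of these permissions too.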

Further analysis uncovered strong similarities between RapiPlata and a previously identified SpyLoan app, “Préstamo Rápido,” which was removed from Google Play within the past year.

On the surface, the theft of personal information such as SMS messages, call logs, calendar entries, and lists of installed applications from an iPhone might appear insignificant, researchers said.

However, hackers targeting even highly secure organizations can leverage these personal data points as essential links in a chain of sophisticated cyberattacks.