Tag Archive for: Loan

Zimperium Discovers Novel Predatory Loan Malware In Flutter Apps

/in


Zimperium, have revealed details of a newly discovered Android malware campaign hidden in money lending apps developed with Flutter, a software development kit used to create applications that work across multiple platforms, including Android and iOS

The team at Zimperium zLabs have unearthed MoneyMonger, a menace that takes advantage of personal data taken from a device to extort the victims into paying more than what the usurious loans necessitate.

The malicious code is a part of the predatory loan malware scheme previously discovered by K7 Security Labs.

This recently identified malicious software has been operational since May 2022 and is utilising a variety of methods of manipulating its targets. It starts with a fraudulent loan offer that promises a fast payout.

When the person attempts to access the app, they are informed that certain authorizations need to be granted on their mobile device in order for them to qualify for the loan.

MoneyMonger takes advantage of Flutter’s framework to obfuscate malicious features and complicate the detection of malicious activity by static analysis.

Due to the nature of Flutter, the malicious code and activity now hide behind a framework outside the static analysis capabilities of legacy mobile security products.

The MoneyMonger malware is distributed solely through third-party app stores or is sideloaded onto the victim’s device through phishing messages, compromised websites, social media campaigns or other tactics. It has not been found in any Android app stores.

Upon infiltrating a user’s device, MoneyMonger will send all kinds of private information to their server, including apps that are installed, GPS coordinates, text messages, contact list, device specifications, and other data related to images.

This stolen information is used to blackmail and threaten victims into paying excessively high-interest rates. If the victim fails to pay on time, and in some cases even after the loan is repaid, the malicious actors threaten to reveal information, call people from the contact list, and even send photos from the device.

MoneyMonger is a risk to individuals and enterprises because it collects a wide range of data from the victim’s device,…

Source…

News Updates: ED seizes RS 78 cr from search operations in respect to Chinese Loan App Case

/in


Directorate of Enforcement (ED) has carried out search operations under the provisions of the Prevention of Money Laundering Act (PMLA), 2002 on 19.10.2022 at 05 premises in Bengaluru, in respect to an investigation relating to the Chinese Loan App Case.

The case is based on 18 FIRs registered by Cyber Crime Police Station, Bengaluru City against numerous entities/persons in connection with their involvement in extortion and harassment of the public who had availed small amounts of loans through the mobile apps being run by these entities/persons.

During PMLA investigation, it has emerged that these entities are controlled/operated by Chinese Nationals. The modus operandi of these entities is using forged documents of Indians and making these Indinas dummy directors of those entities and generating proceeds of crime. It has come to notice that the said entities were doing their suspected/illegal business through various Merchant IDs/Accounts held with Payment Gateways/banks.

Based on the investigation conducted and inputs received from the Central Crime Branch, Bengaluru city, the search operation was carried out in this case. The premises of Razorpay Pvt Ltd and the Bank’s compliance offices related to these entities were covered in the search operation. During the search operation, it was noticed that the said entities were generating proceeds of crime through various Merchant IDs/Accounts held with Payment Gateways/banks and they have submitted fake addresses in KYC documents.

An amount of Rs 78 Crore has been seized u/s 17(1) in merchant IDs and bank accounts of these Chinese persons-controlled entities. Total seizure, in this case, now stands is Rs 95 Crore.

!1 New UpdateClick here for latest updates

British minister Penny Mordaunt announces bid to be next UK PM

British minister Penny Mordaunt on Friday launched her bid to replace Liz Truss as prime minister, becoming the first Conservative lawmaker to announce they are running. Mordaunt, 49, has navigated the tenures of the four prime ministers she has served under, keeping her distance from Boris Johnson’s scandal-ridden time in power and staying in cabinet under Theresa May to make her support for Brexit…

Source…

Waiting for loan forgiveness, borrowers are targets for scammers

/in


After President Biden announced his sweeping student loan forgiveness plan in August, borrowers flooded the studentaid.gov website for information on what to do next. For a lot of them, the answers weren’t particularly satisfying: sign up for an email alert and wait for the application to be released in early October.

Carolina Rodriguez says she’s already getting emails from anxious clients worried about getting their debts forgiven before student loan payments resume in January. She’s director of the Education Debt Consumer Assistance Program in New York.

“The stress is about to hit. As the weeks go by, the stress is going to be real,” she says.

And that stress has left an opening for scammers to step into.

“It’s a ripe environment for scammers to really prey on that kind of desperation,” says Katie Paul, director of the Tech Transparency Project, or TTP, a nonprofit organization that monitors tech companies.

Scams were a problem even before Biden’s announcement. More than 1 in 10 Google ads for searches on student loan forgiveness were fraudulent, according to a TTP report in July. And while new data isn’t yet available, experts tell NPR the problem has gotten worse in the weeks since Biden’s big reveal, with borrowers encountering scams in text messages, phone calls and emails. There’s even a gray area of legitimate companies asking borrowers to pay for student loan services that should be free.

Education Secretary Miguel Cardona says he’s aware that “there are bad actors out there.” He recently told NPR his advice to borrowers is simple: “Go to our website studentaid.gov/debtrelief to get information and don’t go anywhere else. Don’t open up those emails. Don’t.”

But promising borrowers debt relief and then asking them to hold on for over a month has left many vulnerable to fraud.

When asked why the administration did not wait to announce the program until the application was ready for borrowers, Cardona said, “we couldn’t create an application if it hadn’t been a policy that the president would have put forth.”

While the government takes the time to now build out the program, experts say borrowers are exposed on all sides: texts, emails, ads and phone calls.

Borrowers receive scam…

Source…

How digital loan providers breach data privacy, violate rights of Nigerians

/in


In July, Piye Garuba needed N10,000 for an important task. So when he saw 9Credit, an online platform, offering short-term loans, he grabbed the offer.

The 31-year-old Abuja-based lawyer was elated when the approval of his loan request arrived shortly after filling, on the app, the Know Your Customer (KYC) form with necessary details such as his Bank Verification Number (BVN).

Little did Mr Piye know that it was the beginning of a relationship that would turn sour.

After repaying the initial N10,000 with an additional 20 per cent, being the interest for seven days, Mr Garba turned to 9credit for another loan. He repeated the cycle until the eleventh time when he defaulted.

“When I defaulted, that was sometimes at the end of August, I began to receive multiple text messages from different sources saying they are Recovery Agents from 9Credit. The agents kept sending threatening messages to all my contact lists including my wife, colleagues, mother-in-law and uncles,” said Mr Garba.

“The harassment went further with several threats and curses. Also, using all manners of offensive adjectives like “Chronic and Unremorseful Debtor” some of the text messages stated that I had been declared ‘wanted.”

Mr Garuba said despite the insults and embarrassment to him and members of his family, he was not bitter because he understood that he had breached an agreement by not paying up when due.

A Defamatory text message sent to Mr Garuba's wife from 9Credit
A Defamatory text message sent to Mr Garuba’s wife from 9Credit

“It was my fault because I defaulted and it was for a reason because I was going through a tough time. And not that I wasn’t going to pay, or that I had ulterior motives to run away with their money.”

The legal practitioner eventually sometime early in September made attempts to repay the loan on the app but was unsuccessful. He then decided to make a direct bank transfer to the money-lending platform’s bank account.

Screenshot of another threatening message sent to Mr. Garuba
Screenshot of another threatening message sent to Mr. Garuba

“I began to experience trouble with the app so I wasn’t able to pay up at the initial time. After trying several times without success, and whereas there was this particular agent who had been calling me for…

Source…