In today’s world, our smartphones hold more than just photos—they store our private lives. With technology advancing rapidly, it’s crucial to stay alert about the apps we use.

Are your apps putting your security at risk?


A recent report has sent shockwaves through the digital community, revealing that a staggering 8 million installations of certain Android apps have been part of a “global threat exploiting social engineering.”

These apps, designed to deceive and manipulate, can lead to extortion, harassment, and significant financial loss.

McAfee's mobile research team has uncovered a worrying trend: a significant global increase in predatory loan apps, known as SpyLoan apps.


These apps specifically target Android users with social engineering tactics to extract sensitive information and gain excessive permissions on your device.

The end goal? To siphon off your hard-earned money.


These 15 apps, identified by McAfee, have been downloaded over 8 million times and share a common back-end framework that allows them to control installed apps and extract data from devices.

Alarmingly, these apps were not just sideloaded; they were available on the official Google Play Store.

While Google has taken action by removing some of these apps, others have been updated by developers to remove the threats.

The specific list of 15 apps has been made public, and it's crucial for you to check your phone and uninstall any that you find.

The risk of keeping them is simply too high.

These SpyLoan apps entice users with the promise of quick, flexible loans with low rates and minimal requirements—a classic case of offers that are too good to be true.


These apps operate within a grey area, abusing permissions and engaging in malicious business practices without being classified as actual malware.

This allows them to often bypass app store vetting processes and appear trustworthy on platforms like Google Play.

Google advises always having Play Protect enabled to flag suspicious apps, but for those already affected, this advice comes too late.


Google has provided guidance for Android users to help identify if their devices might be compromised. Here are some symptoms to look out for:

• Alerts about a virus or an infected device.
• Anti-virus software that stops functioning or runs erratically.
• A noticeable decrease in your device’s operating speed.
• An unexpected decrease in storage space.
• Malfunctions or complete failure of your device.
• Pop-up ads, new tabs that won't go away, or unwanted Chrome extensions.
• Changes in your Chrome homepage or search engine without your permission.
• Contacts receiving messages from you that you didn't send.

If you notice any of these signs, it's time to take action:

• Ensure Google Play Protect is turned on.
• Check for and install any available Android device & security updates.
• Remove untrusted apps, especially those not sourced from the Play Store.
• Perform a Security Checkup on your device.

We urge you to review the apps on your phone, update your security settings, and spread the word to friends and family.

Cybersecurity is a collective effort, and by sharing this information, we can help safeguard each other's privacy and finances.

In a related story, find out which websites could spell trouble for Chrome, Safari, Firefox, and Edge users here.
Have you encountered any suspicious apps or experienced a security breach? Do you have tips for managing app permissions or maintaining digital hygiene? Share your stories and advice in the comments below.