MEGALO-(AN)-DON: Uncovering data espionage, blackmailing and shell companies in mobile lending apps targeting Asia
Years of pandemic, lockdowns, the cost-of-living crisis, and rising inflation have taken money out of people’s pockets, especially in developing nations, pushing an increasing number of people to rely on taking out personal loans. Traditional banks have been tightening their lending policies – borrowers need good credit scores, and in some countries, they even ask for collateral to lend money in this tough economic climate. Spotting a gap in the market, several malevolent mobile lending applications have arisen to lend to individuals when they are in a vulnerable situation.
Mobile lending applications have been a problem on app platforms for years, with few legitimate apps and several fraudulent ones. Researchers have been finding lending applications that have been violating policies for years. App platforms have brought in several policy updates to curb illegal applications, but they circumvent these policies with fake information and have been thriving more than ever, particularly in the Google Play Store, due to Android having a higher market share in developing nations. These lending apps claim to charge low interest and have longer repayment schedules, but in reality, have shorter repayment schedules ranging from seven days to a few weeks. Besides that, they collect vast amounts of personal data, identity details, device information, contacts, locations, SMS, and call logs, and store these details in unknown third-party locations, violating various data regulations. Some countries even classify these as hostile. When victims fail to repay within a short duration, they start charging high interest and abuse their personal data by threatening to send sensitive data to friends/relatives on the contact list, post on social media and make threatening calls. Several people have lost lives through suicide, unable to bear the torture of the agents. Technology-wise, there is a sophisticated infrastructure behind these apps, with professional-looking websites, the use of app frameworks, the use of packers to evade app platform policies, fake banking regulation certificates being created on websites to fool users, and user traffic being driven through social media and Telegram groups.
Mr. Jagadeesh Chandraiah
Jagadeesh Chandraiah is a senior malware researcher at SophosLabs, specializing in mobile malware analysis. Jagadeesh has been working at SophosLabs for over 10 years. Jagadeesh started working on Windows malware analysis and is currently focusing on mobile malware analysis. Jagadeesh has a Master’s degree in computer systems security from the University of South Wales.
Jagadeesh likes to track malware, research and find novel ways to detect and remediate them. Jagadeesh is a frequent contributor to the SophosLabs Uncut blog and has written blog posts about several mobile malware topics. Jagadeesh also regularly presents his research at international security conferences and in the past has presented his research at DeepSec, AVAR, CARO, and Virus Bulletin.
Outside of work, Jagadeesh enjoys playing badminton.