Cyble Research & Intelligence Labs (CRIL) discovered leaked data of over 26,500 Android users from India through the backend server of an Android application called LoanBee. LoanBee is a digital lending application that steals users’ sensitive data. This application was primarily hosted on Google Play Store with more than 100,000 installs, and now it has been removed from Google Play Store due to its unusual behavior.

This malicious app was available in Google Play Store for over a year, and its success made it one of the most popular applications on Android in India. It also gained popularity worldwide as users reported that they received fake loans from this application. However, private data of these users was stolen and potentially sold to cybercriminals all over the world.

LoanBee is an online lending platform for small loans between $100 to $5000 with terms ranging from 6 to 18 months. It provides borrowers a fast and easy loan process with support for both Indian rupee (INR) and US dollar (USD). However, this application is also providing data leak of its users to a third party location in the backend.

This application was able to send sensitive data of users to a server located in India. The Android app collects sensitive information such as credit card details, bank details, loan amount, and the information about loan repayment plans using online transactions for startups.

‍

Source: Fraudulent Digital Lending Android App steals sensitive data - AlienVault - Open Threat Exchange