Malicious Loan App Removed From iOS And Google Play App Store Posed Severe Risks To Users
Check Point, Monday, June 16th, 2025
In February 2025, our detection engines identified a SpyLoan application on a victim's device. The detected sample belonging to the 'RapiPlata' application, which was available on Google Play (GP) and downloaded by over 100K victims.
We estimate that around 150K victims have downloaded the app from both the Google Play Store and the Apple App Store, further highlighting the scale of the threat. This detection was made possible by Harmony Mobile's machine learning model, which flagged the app as malicious.
Notably, 'RapiPlata' achieved a Top 20 ranking in the finance category on SimilarWeb's platform in Colombia, indicating significant user engagement.
Our analysis revealed that the app had extensive access to sensitive user data-including SMS messages, call logs, calendar events, and installed applications-even going so far as to upload this data to its servers.