RapiPlata, a harmful mobile application identified by researchers a few months ago, has been removed from major app stores but is still available through third-party websites
Despite being flagged as malicious and taken down from both the Google Play Store and the Apple App Store, it continues to pose a serious threat. According to Harmony Mobile, a mobile security firm, the app had already been downloaded by more than 150,000 users before its removal. At one point, it even ranked among the top 20 finance apps on SimilarWeb’s platform in Colombia, indicating high levels of user engagement.
The situation is alarming because the app had broad access to private user data. Researchers found that it could collect SMS messages, call logs, calendar events, and information about installed apps, all of which were sent to remote servers.
Harmony Mobile noted that the app is still being distributed through unofficial websites that falsely present it as a legitimate Google Play download. Its initial presence on official app platforms and continued circulation through deceptive means highlight the dangers of malicious financial apps.
RapiPlata’s harmful behavior has been widely reported. Victims described receiving aggressive messages and emails, with threats of being labeled as defaulting debtors and having their personal data exposed.
Harmony Mobile stated that these tactics, along with misleading offers such as promises of low-interest loans, suggest that the app was part of a scam meant to coerce users into paying back loans they never agreed to. Its extended availability on legitimate app stores shows how significant its impact has been.
Many users have shared negative reviews, warning others about the app. One person wrote, “It’s a scam. I downloaded it but didn’t finish signing up. A few hours later, I received threatening emails saying I owed money for a loan I never got.”
Initial research from Harmony Mobile confirmed that RapiPlata functions like other known SpyLoan apps. These apps misuse permissions under the pretense of credit checks, scan SMS messages for certain keywords, and download malicious content disguised as Google Play updates.
Further analysis revealed strong similarities between RapiPlata and another SpyLoan app, “Préstamo Rápido,” which was removed from Google Play within the past year.
Although stealing data like SMS messages, call logs, and calendar details from an iPhone might seem minor, researchers explained that attackers can use these personal details as part of more complex cyberattacks, even against highly secure organizations.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
