Jump to content

Kaspersky Premium (Android) RiskTool.AndroidOS.SpyLoan Alert


Recommended Posts

always_working
Posted

Hello,

Received this alert when running a scan on my phone - please see the attached screenshot.

I read the article at https://www.bleepingcomputer.com/news/security/mobile-trojan-detections-rise-as-malware-distribution-level-declines/ and my initial reaction is that this app has been noted as one that needs permissions often associated with malicious apps.

I can say that this alert only appeared after updating the app to the most recent version.

Am I correct in my assumption or is it possible that the app has been compromised?

Any help is appreciated as this is concerning to me and potentially time-sensitive.  It's actually the first such alert I've received using the app on Android.

Screenshot_20231020_173421_Kaspersky.jpg

Flood and Flood's wife
Posted (edited)
4 hours ago, always_working said:

I can say that this alert only appeared after updating the app to the most recent version.

Any help is appreciated as this is concerning to me and potentially time-sensitive.

Hello @always_working

Welcome back!

💥Read before you create a new topic! - & post the required information - we should not have to guess OR waste time figuring out basic information you should be providing💥

⚠️When issues are *concerning & potentially time-sensitive* - contact Kaspersky Customer Service - they will give you an almost immediate response & are paid to do so⚠️

  1. *Which* app was updated to the most recent version - Kaspersky OR YouMail? 
  2. The alert / Kaspersky - is telling (you) the app has *potential* to do harm - Kaspersky is trying to protect (you). 
  3. Is YouMail the mail app you use all the time? 
  4. Re-install YouMail? 
  5. Run a Full scan. 
  6.  Log a request with Kaspersky Customer Service. On the support page: https://support.kaspersky.com/b2c#contacts, select either Chat or Email, then fill in Malware, I suspect my device is infected template; please include any screen images of the error & a detailed history. Support may request logs, traces & other data; they will guide you. image.thumb.png.071c649a82ccacf0ade24f7360325cf4.png
  • Please share the outcome with the Community, when it's available? 
  • Read: Riskware (not-a-virus).
  • Read: IT threat evolution in Q2 2022. Mobile statistics:  "On the contrary, the number of attacks by the RiskTool.AndroidOS.SpyLoan riskware family (loan apps that request access to users’ text messages, contact list and photos) more than quadrupled from the first quarter."

Thank you🙏
Flood🐳+🐋

Edited by Flood and Flood's wife
pn
always_working
Posted
17 hours ago, Flood and Flood's wife said:

Hello @always_working

Welcome back!

💥Read before you create a new topic! - & post the required information - we should not have to guess OR waste time figuring out basic information you should be providing💥

⚠️When issues are *concerning & potentially time-sensitive* - contact Kaspersky Customer Service - they will give you an almost immediate response & are paid to do so⚠️

My apologies for not providing the basic information initially which I will ensure I do moving forward.

Android One UI 5.1 (Android 13-based)

Youmail version 5.5.0

Kaspersky Premium (Android) version 11.105.4.10750

With respect to Kaspersky (I love their products), I have had much better experiences and more success posting here.

Youmail is the app in question that was just updated to the most recent version.  Youmail's not a mail app - it's a call screener to stop robocalls that I use consistently.  Seeing this detection on two different phones and reinstalling Youmail doesn't stop it.  Running an older version of the same app on a different phone with no such detection.

I don't think the app is malicious but I've also reached out to that company directly and will follow up.  I know it's preferable to know that to suppose, but I do think it's being identified as riskware solely due to the permissions it needs and not because it's malicious.

A full scan shows the same detection but nothing else.

Your reply would be appreciated.

 

 

Flood and Flood's wife
Posted (edited)
10 hours ago, always_working said:

Your reply would be appreciated.

Hello @always_working

Thank you for posting back & the information! Danila T. wrote the guidelines for a reason - it would be gold if *all* Community members used them - *all* the time!

We understand (your) reluctance to contact Kaspersky & the logic behind it *however* in this specific case - Kaspersky's VIRUS LAB & their experts are the team that needs to be engaged - the VL experts are the only ones who can give advice on the alert

Even if one of the Kaspersky team (geniuses) who sometimes give advice in the Community were to participate in this topic - they would advise you to follow step 6. in our first reply.

Please do so & please share the outcome with the Community? 

Thank you🙏
Flood🐳+🐋

Edited by Flood and Flood's wife
grammar😌
  • 1 month later...
always_working
Posted (edited)

As an update, I reached out to Youmail who communicated with Kaspersky, and asked them to stop identifying their app as a possible exploit.

The alert stopped appearing a day or so after.

Thanks again for your assistance!

 

Edited by always_working
  • Thanks 1
Flood and Flood's wife
Posted
11 hours ago, always_working said:

As an update, (1) I reached out to Youmail who communicated with Kaspersky, and asked them to stop identifying their app as a possible exploit.

👉The alert stopped appearing a day or so after.

Thanks again for your assistance!

Hello @always_working

You're most welcome!

Well done & congratulations & may we again state - 👉that outcome👈 would not have happened - without you or your third party - contacting Kaspersky Virus Lab experts. 

Thank you🙏
Flood🐳+🐋

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now


×
×
  • Create New...