Kaspersky Premium (Android) RiskTool.AndroidOS.SpyLoan Alert

[always_working]

Hello,

Received this alert when running a scan on my phone - please see the attached screenshot.

I read the article at https://www.bleepingcomputer.com/news/security/mobile-trojan-detections-rise-as-malware-distribution-level-declines/ and my initial reaction is that this app has been noted as one that needs permissions often associated with malicious apps.

I can say that this alert only appeared after updating the app to the most recent version.

Am I correct in my assumption or is it possible that the app has been compromised?

Any help is appreciated as this is concerning to me and potentially time-sensitive.  It's actually the first such alert I've received using the app on Android.

[Flood and Flood's wife]

4 hours ago, always_working said:

I can say that this alert only appeared after updating the app to the most recent version.

Any help is appreciated as this is concerning to me and potentially time-sensitive.

Hello @always_working, 

Welcome back!

💥Read before you create a new topic! - & post the required information - we should not have to guess OR waste time figuring out basic information you should be providing💥

⚠️When issues are *concerning & potentially time-sensitive* - contact Kaspersky Customer Service - they will give you an almost immediate response & are paid to do so⚠️

1. *Which* app was updated to the most recent version - Kaspersky OR YouMail? 
2. The alert / Kaspersky - is telling (you) the app has *potential* to do harm - Kaspersky is trying to protect (you). 
3. Is YouMail the mail app you use all the time? 
4. Re-install YouMail? 
5. Run a Full scan. 
6.  Log a request with Kaspersky Customer Service. On the support page: https://support.kaspersky.com/b2c#contacts, select either Chat or Email, then fill in Malware, I suspect my device is infected template; please include any screen images of the error & a detailed history. Support may request logs, traces & other data; they will guide you. 

• Please share the outcome with the Community, when it's available? 
• Read: Riskware (not-a-virus).
• Read: IT threat evolution in Q2 2022. Mobile statistics:  "On the contrary, the number of attacks by the RiskTool.AndroidOS.SpyLoan riskware family (loan apps that request access to users’ text messages, contact list and photos) more than quadrupled from the first quarter."

Thank you🙏
Flood🐳+🐋

Edited October 21, 2023 by Flood and Flood's wife
pn

[always_working]

17 hours ago, Flood and Flood's wife said:

Hello @always_working, 

Welcome back!

💥Read before you create a new topic! - & post the required information - we should not have to guess OR waste time figuring out basic information you should be providing💥

⚠️When issues are *concerning & potentially time-sensitive* - contact Kaspersky Customer Service - they will give you an almost immediate response & are paid to do so⚠️

My apologies for not providing the basic information initially which I will ensure I do moving forward.

Android One UI 5.1 (Android 13-based)

Youmail version 5.5.0

Kaspersky Premium (Android) version 11.105.4.10750

With respect to Kaspersky (I love their products), I have had much better experiences and more success posting here.

Youmail is the app in question that was just updated to the most recent version.  Youmail's not a mail app - it's a call screener to stop robocalls that I use consistently.  Seeing this detection on two different phones and reinstalling Youmail doesn't stop it.  Running an older version of the same app on a different phone with no such detection.

I don't think the app is malicious but I've also reached out to that company directly and will follow up.  I know it's preferable to know that to suppose, but I do think it's being identified as riskware solely due to the permissions it needs and not because it's malicious.

A full scan shows the same detection but nothing else.

Your reply would be appreciated.

 

 

[Flood and Flood's wife]

10 hours ago, always_working said:

Your reply would be appreciated.

Hello @always_working, 

Thank you for posting back & the information! Danila T. wrote the guidelines for a reason - it would be gold if *all* Community members used them - *all* the time!

We understand (your) reluctance to contact Kaspersky & the logic behind it *however* in this specific case - Kaspersky's VIRUS LAB & their experts are the team that needs to be engaged - the VL experts are the only ones who can give advice on the alert. 

Even if one of the Kaspersky team (geniuses) who sometimes give advice in the Community were to participate in this topic - they would advise you to follow step 6. in our first reply.

Please do so & please share the outcome with the Community? 

Thank you🙏
Flood🐳+🐋

Edited October 22, 2023 by Flood and Flood's wife
grammar😌

[always_working]

As an update, I reached out to Youmail who communicated with Kaspersky, and asked them to stop identifying their app as a possible exploit.

The alert stopped appearing a day or so after.

Thanks again for your assistance!

 

Edited December 3, 2023 by always_working

[Flood and Flood's wife]

11 hours ago, always_working said:

As an update, (1) I reached out to Youmail who communicated with Kaspersky, and asked them to stop identifying their app as a possible exploit.

👉The alert stopped appearing a day or so after.

Thanks again for your assistance!

Hello @always_working, 

You're most welcome!

Well done & congratulations & may we again state - 👉that outcome👈 would not have happened - without you or your third party - contacting Kaspersky Virus Lab experts. 

Thank you🙏
Flood🐳+🐋