Over 3,000,000 people downloaded apps from the Google Play Store carrying a new Android malware family that discreetly subscribes users to premium services. Maxime Ingrao, an Evina security researcher, found the malware, known as “Autolycos,” in at least eight Android applications, of which two are still downloadable from the Google Play Store as of this writing.
The two apps still in the Play Store are KellyTech’s “Funny Camera,” which has had over 500,000 installs, and rxcheldiolola’s “Razer Keyboard & Theme,” which has received over 50,000 installs. The other six apps have been taken down from the Google Play Store, but individuals who continue to use them run the risk of having their subscriptions to expensive services renewed by the malware.
The six removed apps:
- Vlog Star Video Editor (com.vlog.star.video.editor): 1 million downloads
- Creative 3D Launcher (app.launcher.creative3d): 1 million downloads
- Wow Beauty Camera (com.wowbeauty.camera): 100,000 downloads
- Gif Emoji Keyboard (com.gif.emoji.keyboard): 100,000 downloads
- Freeglow Camera 1.0.0 (com.glow.camera.open): 5,000 downloads
- Coco Camera v1.1 (com.toomore.cool.camera): 1,000 downloads
Ingrao told Bleeping Computer that he first noticed the apps in June 2021 and immediately informed Google of his discovery. Google confirmed receiving the information, but it took six months to delete the six dangerous apps, and two apps are still available on the Play Store. The researcher made his findings public after a significant amount of time had passed since the initial reporting.
Functions and promotion of Autolycos

Instead of using a WebView, Autolycos stealthily executes URLs on a remote browser and then includes the results in HTTP requests. This behaviour is intended to hide its actions so that users of infected devices do not notice them. Once installed on a smartphone, the malicious apps frequently asked for permission to read SMS content, which gave them access to the victim’s SMS text messages.
The Autolycos operators launched various social media advertising campaigns to draw new users to the apps. Ingrao discovered 74 Facebook ad campaigns for Razer Keyboard & Theme alone. Additionally, while some of the fraudulent apps on the Play Store inevitably received bad reviews, some with fewer downloads continue to have positive user ratings thanks to fake reviews.

To protect themselves against these attacks, Android users should keep Play Protect activated, monitor background internet data and battery usage, and install as few apps as possible on their handsets.