Connect with us

News

Autolycos installed 3 million times from Google Play Store
Advertisement

News Guides

Configure Android USB tethering on macOS

News Devices

Second 2022 flagship from Honor to be launched this month

News

Pixel 7 is 64-bit only, 32-bit apps still have roles to play

News Devices

The 200MP camera from Galaxy S23 Ultra will make some exceptional low-light shots

ROMs News

August 2022 security patch from Samsung makes a late appearance on the Verizon Galaxy Tab S7 series

News

Battery improvements on Samsung Galaxy S23 - leak

News

Facebook find 400 Android and iOS apps that steals log-in credentials

News

Setup fall detection on Galaxy Watch5 and Galaxy Watch5 Pro

News

What to expect from Google Pixel launch

News

Autolycos installed 3 million times from Google Play Store

Over 3,000,000 people downloaded a new Android malware family from the Google Play Store that discreetly subscribes users to premium services.

Maxime Ingrao, an Evina security researcher, found the malware, known as “Autolycos,” in at least eight Android applications, of which two are still downloadable from the Google Play Store as of this writing.

The two apps still available are named ‘Funny Camera’ by KellyTech, which has over 500,000 installations, and ‘Razer Keyboard & Theme’ by rxcheldiolola, which counts over 50,000 installs on the Play Store.

Autolycos android malware

The remaining six applications have been removed from the Google Play Store, but those who still have them installed risk being charged with costly subscriptions by the malware’s activities.

  • Vlog Star Video Editor (com.vlog.star.video.editor) – 1 million downloads
  • Creative 3D Launcher (app.launcher.creative3d) – 1 million downloads
  • Wow Beauty Camera (com.wowbeauty.camera) – 100,000 downloads
  • Gif Emoji Keyboard (com.gif.emoji.keyboard) – 100,000 downloads
  • Freeglow Camera 1.0.0 (com.glow.camera.open) – 5,000 downloads
  • Coco Camera v1.1 (com.toomore.cool.camera) –1,000 downloads

During a discussion with Ingrao, the researcher told Droid Tools that he discovered the apps in June 2021 and reported his findings to Google at the time.

Although Google acknowledged receiving the report, it took the company six months to remove the set of six, while two malicious apps remain on the Play Store to this day.

Advertisement

After so much time had passed since the initial reporting, the researcher disclosed his findings publicly.

In place of using Webview, Autolycos uses stealthy malicious behavior to execute URLs on remote browsers and then include the results in HTTP requests.

This behavior is intended to hide its actions from users of infected devices so that they won’t be noticed.

When malicious apps were installed on a smartphone, they frequently asked for authorization to view SMS content, which gave them access to a victim’s SMS text messages.

Advertisement

The Autolycos owners launched various social media advertising campaigns to draw in new users to the apps. Ingrao discovered 74 Facebook ad campaigns for the Razer Keyboard & Theme alone.

Additionally, while some fraudulent apps on the Play Store received unavoidably bad reviews, some with less downloads continue to have positive user ratings thanks to fake reviews.

Android users should have Play Protect activated, monitor background internet data and battery usage, and attempt to install the fewest number of apps possible on their handsets in order to protect themselves against these attacks.

Advertisement
Related Topics:
Continue Reading
Advertisement
Comments