The colossal amount of downloads of a new malware that lived on Google Play, these are the Android apps that integrated it
An Android malware was downloaded more than three million times, and once it was installed on users’ devices, it started subscribing them to premium services.
The virus, called Autolicos, was initially discovered by security researcher Maxime Ingrao, who explained that it was in at least eight different Android apps.
The apps in question were: Funny Camera with over 500K downloads, Razer Keyboard & Theme at 50K, Vlog Star Video Editor at 1M, Creative 3D Launcher at 1M, Wow Beauty Camera at 100K, Gif Emoji Keyboard at 100K, Freeglow Camera 1.0.0 at 5K and Coco Camera v1.1 with thousands.
A new malware family was found that subscribes to premium services 👀
8 apps since June 2021, 2 apps always on the Play Store, +3 million installs 💀💀
No webview like #Jester but only http requests
let’s call it #Autolicos 👾#Android #Malware #Evina pic.twitter.com/SgTfrAOn6H
— Maxime Ingrao (@IngraoMaxime) July 13, 2022
Ingrao told BleepingComputer, which initially discovered the apps in June 2021 and reported its findings to Google. The company does detail receiving the information, but it took them half a year to remove six of the apps, and the remaining two were canceled after the site’s report was published. Furthermore, since a long time had passed since his initial alert, the researcher decided to publish his findings.
This is how Autolycos works
According to Ingrao, the malware performs malicious behavior that allows it to execute URLs in a remote browser and log them in HTTP instead of web view so that its activity is less noticeable and undetected by compromised devices.
Also, since many of these apps requested permission to read text message content during installation, they were able to access victims’ SMS.
With the intention of avoiding this type of risk, the researcher details that it is necessary to monitor both the internet data that is consumed in the background, battery consumption, make sure you have activated play protect and minimize the number of installed applications.