TECH NEWS – A new family of Android malware in the Google Play store has been downloaded more than 3 million times, secretly bribing users to pay for premium services.
The malware, dubbed “Autolycos”, was discovered by Maxime Ingrao, a security researcher at Evina, in at least eight Android apps, the last of which were finally removed from the Google Play Store only in the previous few days.
The last two apps to be removed are “Funny Camera” by KellyTech, which has more than 500,000 installs, and “Razer Keyboard & Theme” by rxcheldiolola, which has more than 50,000 installs in the Play Store. The remaining six apps were removed earlier, but those who still have any of them installed risk incurring costly subscriptions due to the malware’s activity.
- Vlog Star Video Editor (com.vlog.star.video.editor) – 1 million downloads
- Creative 3D Launcher (app.launcher.creative3d) – 1 million downloads
- Wow Beauty Camera (com.wowbeauty.camera) – 100,000 downloads
- Gif Emoji Keyboard (com.gif.emoji.keyboard) – 100,000 downloads
- Freeglow Camera 1.0.0 (com.glow.camera.open) – 5,000 downloads
- Coco Camera v1.1 (com.toomore.cool.camera) -1,000 downloads
In a conversation with Ingrao, the researcher said that he discovered the apps in June 2021 and reported his findings to Google at that time. Although Google acknowledged receiving the report, it took the company six months to remove the eight dangerous Android malware.
After all this time had passed since the first report, the researcher made his findings public.
Autolycos is malware software that performs “stealth” malicious actions, such as searching for URLs in a remote browser and then including the results in HTTP requests instead of using Webview. This behaviour is intended to make its actions less noticeable and thus undetectable to compromised device users.
In many cases, malicious applications have requested permission to read SMS content when installed on the device, allowing the applications to access the victim’s SMS messages. To promote the apps to new users, Autolycos operators have created several advertising campaigns on social media.
For Razer Keyboard & Theme alone, Ingrao counted 74 advertising campaigns on Facebook.
In addition, while some malicious Android apps inevitably received negative reviews on the Play Store, apps with fewer downloads maintained good user ratings thanks to bot reviews.
To stay safe from these threats, Android users should monitor their background internet data and battery consumption, keep Play Protect active and try to minimise the number of apps installed on their smartphone.