New malware has been found in eight Android apps on the Google Play store. It subscribes users to premium services without their knowledge. These eight apps had been downloaded more than 3 million (30 lakh) times. A security researcher disclosed the malware in a tweet, in which he named it ‘Autolycos’. The tweet also mentioned that only six of these eight apps had been removed from the Google Play Store since 2021. However, all eight apps have now been removed from the store.
Maxime Ingrao, a security researcher at cybersecurity firm Evina, said in a tweet thread on Wednesday that he had discovered malware named ‘Autolycos’, which was present in at least 8 Android applications. Autolycos operates covertly: it executes URLs on a remote browser and then includes the result in HTTP requests, instead of using a WebView. In addition, the malware obtains permission to read SMS through the apps, which is used to steal the user's personal information.
In the tweet thread, the researcher said that this malware was present in eight apps, including Vlog Star Video Editor, Creative 3D Launcher, Wow Beauty Camera, Gif Emoji Keyboard, Freeglow Camera, and Coco Camera v1.1. Altogether, they had been downloaded more than 30 lakh times. The researcher said that two of these apps had not been removed at the time of the tweet. However, neither app is currently available on Google Play, which means that Google removed them from the store after the tweet.
Ingrao told BleepingComputer that he had detected these apps in June 2021 itself and shared his investigation with Google at that time. He also said that Google had acknowledged receiving his report, but even then it took six to a year for the company to remove these apps.
As mentioned above, Autolycos works covertly by executing URLs on a remote browser and then including the result in HTTP requests, instead of using a WebView. In addition, in many cases, apps carrying this malware asked for permission to read SMS content when installed on the device, giving the apps access to the target’s SMS messages.
The BleepingComputer report further states that in order to promote the apps to new users, Autolycos operators also ran several advertising campaigns on social media. For the Razer Keyboard & Theme app alone, researcher Ingrao detected 74 ad campaigns on Facebook.
Furthermore, while some of these malicious apps received negative reviews on the Play Store, they maintained good user ratings through bot reviews.