Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
New Android malware on Google Play installed 3 million times
#1
https://www.bleepingcomputer.com/news/se...ion-times/      New Android malware on Google Play installed 3 million times
By Bill Toulas

July 13, 2022 11:00 AM      A new Android malware family on the Google Play Store that secretly subscribes users to premium services was downloaded over 3,000,000 times.

The malware, named 'Autolycos,' was discovered by Evina's security researcher Maxime Ingrao to be in at least eight Android applications, two of which are still available on the Google Play Store at the time of this writing.

The two apps still available are named 'Funny Camera' by KellyTech, which has over 500,000 installations, and 'Razer Keyboard & Theme' by rxcheldiolola, which counts over 50,000 installs on the Play Store.    The remaining six applications have been removed from the Google Play Store, but those who still have them installed risk being charged with costly subscriptions by the malware's activities.

    Vlog Star Video Editor (com.vlog.star.video.editor) – 1 million downloads
    Creative 3D Launcher (app.launcher.creative3d) – 1 million downloads
    Wow Beauty Camera (com.wowbeauty.camera) – 100,000 downloads
    Gif Emoji Keyboard (com.gif.emoji.keyboard) – 100,000 downloads
    Freeglow Camera 1.0.0 (com.glow.camera.open) – 5,000 downloads
    Coco Camera v1.1 (com.toomore.cool.camera) –1,000 downloads

During a discussion with Ingrao, the researcher told BleepingComputer that he discovered the apps in June 2021 and reported his findings to Google at the time.

Although Google acknowledged receiving the report, it took the company six months to remove the set of six, while two malicious apps remain on the Play Store to this day.

After so much time had passed since the initial reporting, the researcher disclosed his findings publicly.
Autolycos functions and promotion

Autolycos is a malware that performs stealthy malicious behavior like executing URLs on a remote browser and then including the result in HTTP requests instead of using Webview.

This behavior is meant to make its actions less noticeable and thus not be detected by users of compromised devices.

In many cases, the malicious applications requested permission to read SMS content upon installation on the device, allowing the apps to access a victim's SMS text messages.

To promote the apps to new users, the Autolycos operators created numerous advertising campaigns on social media. For the Razer Keyboard & Theme alone, Ingrao counted 74 ad campaigns on Facebook.
Some of the recent ad campaigns on Facebook
Some of the recent ad campaigns on Facebook (@IngraoMaxime)

Also, while some malicious applications suffered from inevitable negative reviews on the Play Store, those with fewer downloads maintain a good user rating due to bot reviews.

To stay safe against these threats, Android users should monitor background internet data and battery consumption, keep Play Protect active, and try to minimize the number of apps they install on their smartphones.

Update 7/13/2022: Google has removed the two remaining adware applications from the Play Store shortly after the publication of this post.
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  45,000 Android devices infected by unremovable malware sidemoon 1 3,099 11-30-2023 , 05:24 AM
Last Post: Pranav
  Google ads push BumbleBee malware used by ransomware gangs mrtrout 0 760 04-23-2023 , 03:59 AM
Last Post: mrtrout
  Android malware apps with 2 million installs spotted on Google Play tarekma7 0 620 12-05-2022 , 04:09 PM
Last Post: tarekma7
  Android malware infected 300,000 devices to steal Facebook accounts tarekma7 0 466 12-05-2022 , 04:04 PM
Last Post: tarekma7
  Fake Google Translate app installs malware dhruv2193 1 627 09-05-2022 , 12:47 PM
Last Post: Mike

Forum Jump:


Users browsing this thread: 1 Guest(s)