A French security researcher has warned users of Android smartphones against certain applications, which he said contain a “new family of malware”. There are eight such apps, researcher Maxime Ingrao said on Twitter, which he has tracked since June last year. He added that these applications have been downloaded more than three million times (Google Play downloads included). Mr Ingrao has identified the malware as Autolycos, and he explained in a Twitter thread how it infects the phone.
Found new family of malware that subscribe to premium services
8 applications since June 2021, 2 apps always in Play Store, +3M installs
No webview like #Joker but only http requests
Let’s call it #Autolycos #Android #Malware #Evina pic.twitter.com/SgTfrAOn6H
— Maxime Ingrao (@IngraoMaxime) July 13, 2022
The researcher said that the malicious applications are widely promoted via social media and reach users through advertising campaigns. Users are enticed to download these apps with photos of cool keyboard themes, nice-looking launcher apps and camera applications.
Google has deleted these applications from the Play Store, but their APK versions are still available online. “It retrieves a JSON on the C2 address: 68.183.219.190/pER/y. It then executes the urls, for some steps it executes the urls on a remote browser and returns the result to include it in the requests. This allows it not to have a Webview and to be more discreet,” Mr Ingrao said in one of his tweets.
“To promote the applications, fraudsters create several Facebook pages and run ads on Facebook and Instagram,” he said in a subsequent tweet.
The security researcher also posted a screenshot of these mobile applications to make it easy for Android users to delete them from their phones.
The eight dangerous apps are:
- Vlog Star Video Editor (com.vlog.star.video.editor, 1 million downloads)
- Creative 3D Launcher (app.launcher.creative3d, 1 million downloads)
- Funny Camera (com.okcamera.funny, 500,000+ downloads)
- Wow Beauty Camera (com.wowbeauty.camera, 100,000 downloads)
- Gif Emoji Keyboard (com.gif.emoji.keyboard, 100,000 downloads)
- Razer Keyboard & Theme (com.razer.keyboards, 10,000 downloads, not related to the gaming/tech company Razer)
- Freeglow Camera 1.0.0 (com.glow.camera.open, 5,000 downloads)
- Coco Camera v1.1 (com.toomore.cool.camera, 1,000 downloads)
If none of these applications are on your phone, consider yourself lucky.
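To check a device or a fleet inventory against the list above, the following added example (not part of the original article or Mr Ingrao's thread) parses `adb shell pm list packages` output and reports any of the eight package IDs by exact match. It assumes `adb` is on PATH with USB debugging enabled; the sample output is constructed, and `com.razer.keyboards.extra` is a made-up name included to show that prefix look-alikes are not flagged.

```python
import subprocess

# Package IDs and app names exactly as listed in the article above.
AUTOLYCOS_PACKAGES = {
    "com.vlog.star.video.editor": "Vlog Star Video Editor",
    "app.launcher.creative3d": "Creative 3D Launcher",
    "com.okcamera.funny": "Funny Camera",
    "com.wowbeauty.camera": "Wow Beauty Camera",
    "com.gif.emoji.keyboard": "Gif Emoji Keyboard",
    "com.razer.keyboards": "Razer Keyboard & Theme",
    "com.glow.camera.open": "Freeglow Camera 1.0.0",
    "com.toomore.cool.camera": "Coco Camera v1.1",
}

def parse_pm_list(output):
    """Return the set of package IDs in `pm list packages [-f]` output."""
    packages = set()
    for line in output.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue  # skip warnings, blank lines, daemon start-up notices
        entry = line[len("package:"):]
        # With -f each entry is "<apk path>=<package id>"; the path may itself contain "=".
        packages.add(entry.rsplit("=", 1)[-1])
    return packages

def find_flagged(output):
    """Map flagged package ID -> app name for packages present on the device."""
    installed = parse_pm_list(output)
    return {pkg: name for pkg, name in AUTOLYCOS_PACKAGES.items() if pkg in installed}

def audit_device(serial=None):
    """Query a USB-debugging-enabled device via adb (assumes adb is on PATH)."""
    cmd = ["adb"] + (["-s", serial] if serial else []) + ["shell", "pm", "list", "packages"]
    result = subprocess.run(cmd, capture_output=True, text=True, check=True)
    return find_flagged(result.stdout)

# Constructed sample output (not from a real device), mixing both output formats.
SAMPLE_OUTPUT = """\
package:com.android.chrome
package:/data/app/~~a1B2==/com.okcamera.funny-c3D4==/base.apk=com.okcamera.funny
package:com.razer.keyboards
package:com.razer.keyboards.extra
"""

if __name__ == "__main__":
    for pkg, name in find_flagged(SAMPLE_OUTPUT).items():
        print(f"FLAGGED: {name} ({pkg}) -> adb shell pm uninstall {pkg}")
```

Because the malware subscribes victims to premium services, removing a flagged app does not cancel subscriptions already made; those have to be checked with the mobile carrier.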