Autolycos is the new malware that has been installed more than 3 million times among its different applications and, after being downloaded in one of the applications that contain it in the Google Play Store, it subscribes those who have it to premium services that can result in a great economic loss for those affected. One of its main problems is that many people are not aware of the situation until the telephone bill arrives, and even some do not even do so at that time or are unaware of the reason for such a high bill.
This malware called Autolycos was discovered by the researcher Maxime Ingrao in at least 8 apps , although there could be more. In addition, to promote them and give them more credibility, numerous advertising campaigns were created on social networks such as Facebook. Two of them were still available in the Google app store until yesterday, adding more affected to those already there.
If you have one of these applications you have to uninstall it before the economic damage is important. The more time passes, the more negative consequences it will have and without you knowing what it is due to. Although the apps disappear from the Play Store, those that have been installed will continue to harm those who have them.
These are the malicious apps
The applications that have this malware are:
- Vlog Star Video Editor
- Creative 3D Launcher
- Wow Beauty Camera
- Gif Emoji Keyboard
- Freeglow Camera 1.0.0
- Coco Camera v1.1
- Funny Camera
- Razer Keyboard & Theme
As of yesterday, Funny Camera by KellyTech with over 500,000 installs and Razer Keyboard & Theme by rxcheldiolola with over 50,000 installs were available on the Play Store. Two of these applications have more than 1 million downloads, another two more than 100,000 downloads and the other 5,000 and 1,000 downloads.
When was it discovered and how does it work?
The researcher assured that he discovered the malware in these applications in June 2021 , informing the company of them at that time. Google acknowledged receiving the report, but it took more than 6 months to remove the former and more than a year to get rid of the latter. After some time had passed since this initial report, the researcher disclosed his findings in public and this is how we now have knowledge of these new applications that many users still have installed on their mobile and are subscribing them to premium services.
The operation of Autolycos is very simple, as it performs stealthy malicious behavior such as executing URLs in a remote browser and adding the result in HTTP requests instead of using Webview. Thus, its actions are less noticeable and it is not easy to detect. In many cases, malicious apps requested permission to read SMS content when installed on the device, allowing the apps to access their victims’ text messages.
Although some of these apps had a lot of negative reviews, the ones with the fewest downloads were rated well due to bot reviews. Even if they are no longer in the store, it is important that you uninstall them as soon as possible if you have one since it may be stealing from you without you knowing. Subscriptions are not exactly the cheapest.
To protect yourself against these and other threats, it is recommended that you monitor your battery consumption and Internet data in the background. It also activates Play Protect and reduces the apps that you install on your mobile, especially if they are not well known or have minimal criticism.
