Background

This 'Autolycos' Android Malware Shows Joker-Like Symptoms, Researcher Found


Another day, yet another security concern for Android users around the world.

While the operating system governed by Google is popular, robust, powerful and extremely capable, it's not the safest operating system around. After round after round of malware has made its way into the Google Play Store and infected many Android users, yet another malware has now been found.

A malware type dubbed 'Autolycos' was discovered in eight popular Android apps.

According to Maxime Ingrao, a French security researcher at the cybersecurity firm Evina who first discovered it, the malicious apps entice users into downloading them by offering additional functionality for their camera or keyboard.

Combined, they’ve been downloaded over three million times.

The eight apps in question:

  1. Vlog Star Video Editor.
  2. Creative 3D Launcher.
  3. Funny Camera.
  4. Wow Beauty Camera.
  5. Gif Emoji Keyboard.
  6. Razer Keyboard & Theme.
  7. Freeglow Camera 1.0.0.
  8. Coco camera v1.1.

These apps show Joker-like capabilities: they can sign victims up for premium services.

The apps do this by executing URLs on a remote browser and injecting the result into HTTP requests instead of loading an external WebView. Apps infected with Autolycos can also request permission to read SMS content, so the infected apps can read text messages, giving them leeway to steal things like one-time password codes.

The malicious apps are widely promoted on social media, where they reach users through ad campaigns, most of them on Facebook.

For instance, there were 74 different ad campaigns on Facebook to promote the Razer Keyboard & Theme app alone, according to Ingrao.

So here, Android is definitely not a malware-free platform.

Not only can things go haywire for users who stumble upon the wrong website and download the wrong APK; downloading apps from the Google Play Store can still be risky, too.

It's generally accepted that Android users should download their apps from the Google Play Store. As a matter of fact, all security researchers would recommend that users download apps from the official app store, as opposed to downloading APKs and sideloading them.

But still, even with Google working around the clock to rid the Play Store of bad apps, especially with initiatives like Play Protect, some still manage to slip through the cracks.

Although Ingrao first found these malicious apps back in June 2021 and reported his findings to Google, it took the search giant six months to remove six of the apps in question.

The final two were only taken down recently.

While all of these eight bad apps have been removed from the Play Store, Android users who have downloaded the apps on their phones could still have the apps operating in the background and signing them up for premium subscription services.

Many of them also request access to read your SMS messages, which some users may have allowed.
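Because removed apps can stay installed with SMS access already granted, one practical check is to list which packages on a device currently hold that permission. The following is an added example, not part of the original article: it parses text in the style of `adb shell dumpsys package` output, and the sample dump, its package names and the `expected` allowlist parameter are constructed for illustration.

```python
import re

# Permissions that let an app see incoming text messages (and so OTP codes).
SMS_PERMS = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"}

PKG_RE = re.compile(r"^\s*Package \[([^\]]+)\]")
PERM_RE = re.compile(r"^\s*(android\.permission\.[A-Z_]+): granted=(true|false)")

def sms_readers(dump_text, expected=()):
    """Return {package: [granted SMS permissions]} for packages not in `expected`.

    `expected` holds packages that legitimately read SMS, e.g. the default
    messaging app (hypothetical allowlist supplied by the caller).
    """
    found, current = {}, None
    for line in dump_text.splitlines():
        pkg = PKG_RE.match(line)
        if pkg:
            current = pkg.group(1)  # start of a new package section
            continue
        perm = PERM_RE.match(line)
        if (perm and current and current not in expected
                and perm.group(1) in SMS_PERMS and perm.group(2) == "true"):
            found.setdefault(current, set()).add(perm.group(1))
    return {pkg: sorted(perms) for pkg, perms in found.items()}

# Constructed sample modelled on dumpsys output; all package names are made up.
SAMPLE_DUMP = """\
Packages:
  Package [com.example.funcamera] (1a2b3c):
    requested permissions:
      android.permission.CAMERA
      android.permission.READ_SMS
    User 0: installed=true hidden=false
      runtime permissions:
        android.permission.CAMERA: granted=true, flags=[ USER_SET ]
        android.permission.READ_SMS: granted=true, flags=[ USER_SET ]
  Package [com.example.notes] (4d5e6f):
    User 0: installed=true hidden=false
      runtime permissions:
        android.permission.READ_SMS: granted=false, flags=[ USER_SET ]
  Package [com.example.messages] (7a8b9c):
    User 0: installed=true hidden=false
      runtime permissions:
        android.permission.RECEIVE_SMS: granted=true, flags=[ USER_SET ]
"""

if __name__ == "__main__":
    for name, perms in sms_readers(SAMPLE_DUMP, {"com.example.messages"}).items():
        print(name, perms)
```

A camera or keyboard app appearing in this list is worth reviewing, since neither function needs to read text messages.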

Published: 13/07/2022