A new Android malware named ‘Autolycos’ that downloaded over 3,000,000 times is surfing on the Google Play Store by secretly subscribing users to its premium services. Evina security researcher Maxime Ingro discovered the family of malware that is currently available on the Google Play Store.
The two applications that act as receptive for the malware are named Funny Camera by KellyTech with over 500,000 installations and Razer Keyboard & Theme by rxcheldiolola with over 50,000 downloads still available right now on Play Store.
However, Google has removed 6 more applications with a risk of harboring the malware such as Vlog star video editor, Creative 3D launcher, Wow beauty camera, Gif emoji keyboard, Freeglow camera 1.0.0, Coco camera v1.1. If you have ever installed these apps on your device this article is for you.
According to the security researchers, Autolycos execute URLs on the remote browser along with including the result in HTTP requests instead of using Android Webview which is a system component for the Android operating system allowing Android apps to display content in the application without needing to perform an HTTP request. Security researchers added that the whole action is very subtle that the viewer might not notice.
The malware group has also promoted its apps to phish new users with several social media campaigns. The group also created various bot reviews which look legitimate to new users or users who are unaware of Autolycos’s activity.
Security researchers also advised that Android users must check their background internet data and battery consumption to find out whether the device has been compromised.
