In total, the eight infected applications accumulated over three million downloads, and, for some reason, Google decided not to remove them from the Play Store until the report was made public. Now, a year after its discovery, we have been able to know all the data about the case of attack targeting android users that security researcher Maxime Ingrao has baptized as “Autolycos”.
The modus operandi of this malware is somewhat reminiscent of another old malware known to Android users: joker. And that Autolycos would be able to subscribe users to premium calling and SMS services thus emptying their bank account little by little. The malware known as “Autolycos” can empty your bank account.
The infected apps accumulated more than three million downloads
The firm’s investigator EvinaTech exposed the threat in June of the year 2021, warning about the existence of a total of eight applications infected by Autolycos. The full list of apps, along with the number of downloads they accumulated, is available below:
- Vlog Star Video Editor | + 1 million downloads
- Coco Camera v1.1 | + 1000 downloads
- Gif Emoji Keyboard | +100000 downloads
- Wow Beauty Camera | +100000 downloads
- Funny Camera | +500000 downloads
- Razer Keyboard & Theme | +50000 downloads
- Freeglow Camera 1.0.0 | +5000 downloads
- Creative 3D Launcher | + 1 million downloads
They all contained fraudulent code able to load URLs in the browser remotely, to carry out the attacks. These consisted of subscribing users to premium services. In addition, the apps obtained the necessary privileges to access the content of users’ SMS with the risks that this entails (the reading of single-use verification codes, for example, a huge number of downloads that amassed the eight applications in total, reaching over three million installations.
In this sense, the researchers explain that the attackers carried out massive advertising campaigns on platforms such as Facebook. Perhaps the most serious part of the case is that Google has been aware of the existence of Autolycos since June 2021 but the company ignored it, and to this day it is still possible to find two of the eight apps in the store catalog. For this reason, the researcher decided to make his findings public on July 13, with the aim of alerting the public and preventing more people from infecting their devices with this new malware.
It has been a long time since I joined Research Snipers. Though I have been working as a part-time tech-news writer, it feels good to be part of the team. Besides that, I am building a finance-based blog, working as a freelance content writer/blogger, and a video editor.