French security researcher Maxime Ingrao has warned Android users about a new family of malware that subscribes users to premium services.
He said the malware, called Autolycos, was found in at least eight Android apps that had more than three million downloads.
The eight infected apps included types that attract users’ attention, such as a camera editor, keyboard themes and video editors, he said.
In a series of tweets, he wrote: “Found a new family of malware that subscribes to premium services. 8 apps from June 2021, 2 apps always in the Play Store, +3 million installs. No site view like #Joker but only http requests. Let’s call it #Autolycos”
According to reports, however, it took Google six months to remove these 8 apps, and their APK versions are still available online.
“It reads the JSON at C2: 18.104.22.168/pER/y Then it executes the URLs, in some steps it executes the URLs in the remote browser and returns the result to include in the requests. This allows him to not have a Webview and be more discreet,” he wrote further.
The researcher also added that these apps are widely promoted on social media through advertising campaigns on Facebook and Instagram.
“To promote apps, fraudsters create multiple Facebook pages and run ads on Facebook and Instagram. For example, 74 ad campaigns were made for the Razer Keyboard & Theme malware,” he said in another tweet.
Here is the list of eight malware apps listed by Maxime Ingrao: