Heads up, Android users! Researchers have discovered a new Android malware in the wild that even appeared on the Google Play Store. Identified as “Autolycos”, this Android malware impersonated several apps to surface on the Play Store and garner huge numbers of downloads.
About Autolycos Android Malware
In a recent Twitter thread, security researcher Maxime Ingrao from Evina Security shared details about a new malware campaign targeting Android users.
The researcher named the malware “Autolycos,” which ran dedicated infection campaigns in the wild impersonating different apps. While that is common for mobile malware, what made Autolycos dangerous is its appearance on the official Google Play Store.
Despite Google’s strong security checks, Autolycos malware succeeded in getting into the Play Store to lure users. Such intrusions suggest that Android users cannot blindly trust apps on the Play Store either, unless they know the app developer.
Ingrao explained that the malware has existed on the Play Store through at least 8 different apps since June 2021. All of these apps attracted a huge number of downloads, two of which even boasted over 3 million installs.
This malware sneakily subscribes the victims to premium services (hence behaving as fleeceware). In this way, it draws money from the victims while staying under the radar, making it difficult for the victim to detect and stop the infection.
Regarding how the malware works, the researcher stated in his tweet,
It retrieves a JSON at the C2 address: 68.183.219.190/pER/y
It then executes the urls, for some steps it executes the urls on a remote browser and returns the result to include it in the requests
This allows it to not have a Webview and to be more discreet
To add legitimacy to the malicious apps distributing the malware, the threat actors behind Autolycos malware have also set up dedicated social media pages for promotion.
To promote the applications, fraudsters create several Facebook pages and run ads on Facebook and Instagram.
For example, there were 74 ad campaigns for Razer Keyboard & Theme malware
— Maxime Ingrao (@IngraoMaxime) July 13, 2022
More technical details about the malware and its campaigns in the wild are available in Evina’s detailed report.
Some Malicious Apps Still Exist
After detecting the malware, the researcher reported the malicious apps to Google for subsequent action. The researcher shared the list of these apps in this tweet.
com.razer.keyboards (10k+)
https://t.co/dLmVIkvKEh.editor (1M+) ❌
com.okcamera.funny (500K+)
https://t.co/8fyEMql0bj (1k+) ❌
app.launcher.creative3d (1M+) ❌
com.gif.emoji.keyboard (100K+) ❌
https://t.co/W5wjm83pDV (5K+) ❌
https://t.co/cju9S26Nny (100K+) ❌
— Maxime Ingrao (@IngraoMaxime) July 13, 2022
Ironically, it took the firm several months to remove these apps. However, one of them, “Funny Camera” (com.okcamera.funny), still exists on the Play Store.
That means users must remain very cautious when encountering this app. Also, if they have downloaded any of the malicious apps, users should delete the app from their devices right away. As a general precaution, users should always avoid downloading apps from unknown, untrusted, or new developers, even when they boast huge download counts or reviews.
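As an added example (not code from the article or from Evina), the script below checks a device's installed package list against the Autolycos package names quoted in the tweet above and prints the `adb uninstall` command for each match. It assumes `adb` is installed and the device is connected when run with `--live`; the embedded package list is a constructed sample so it also runs offline, and the t.co-shortened entries from the tweet are not included because their package names are not recoverable from this page.

```python
"""Check an Android device's installed packages for the Autolycos apps
named in this article. Added example, not the article's own code.

Feed it the output of `adb shell pm list packages` (each line looks like
`package:com.example.app`). The sample below is constructed for the demo.
"""
import subprocess
import sys

# Package names quoted on this page; the t.co-shortened entries are omitted.
AUTOLYCOS_PACKAGES = frozenset({
    "com.razer.keyboards",
    "com.okcamera.funny",
    "app.launcher.creative3d",
    "com.gif.emoji.keyboard",
})

# Constructed sample of `pm list packages` output for offline runs.
SAMPLE_PM_OUTPUT = """package:com.android.settings
package:com.okcamera.funny
package:com.example.notes
package:app.launcher.creative3d
"""


def parse_pm_list(output: str) -> set:
    """Extract package names from `pm list packages` text, skipping other lines."""
    packages = set()
    for line in output.splitlines():
        line = line.strip()
        if line.startswith("package:"):
            packages.add(line[len("package:"):])
    return packages


def find_autolycos(installed: set) -> list:
    """Return the installed packages that match the known Autolycos list, sorted."""
    return sorted(installed & AUTOLYCOS_PACKAGES)


def uninstall_commands(matches: list) -> list:
    """Build the adb command a user would run to remove each flagged app."""
    return [f"adb uninstall {pkg}" for pkg in matches]


if __name__ == "__main__":
    if "--live" in sys.argv:  # query a connected device instead of the sample
        text = subprocess.run(["adb", "shell", "pm", "list", "packages"],
                              capture_output=True, text=True, check=True).stdout
    else:
        text = SAMPLE_PM_OUTPUT
    hits = find_autolycos(parse_pm_list(text))
    print("No Autolycos packages found." if not hits
          else "\n".join(uninstall_commands(hits)))
```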