Heads up, Android users! Researchers have discovered a new Android malware in the wild that even appeared on the Google Play Store. Identified as “Autolycos”, this Android malware impersonated a number of apps to surface on the Play Store and garner huge download counts.
About Autolycos Android Malware
In a recent Twitter thread, security researcher Maxime Ingrao from Evina Security shared details about a new malware campaign targeting Android users.
The researcher named the malware “Autolycos”. It ran dedicated infection campaigns in the wild impersonating different apps. While that is typical for mobile malware, what made Autolycos dangerous is its appearance on the official Google Play Store.
Despite Google’s security checks, Autolycos malware succeeded in getting into the Play Store to lure users. Such intrusions suggest that Android users cannot blindly trust the apps on the Play Store either, unless they know the app developer.
Ingrao explained that the malware had existed on the Play Store via at least 8 different apps since June 2021. All of these apps attracted a huge number of downloads, two of which even boasted over 3 million installs.
This malware sneakily subscribes the victims to premium services (hence behaving as fleeceware). In this way, it drains money from the victims while staying under the radar, making it difficult for the victim to detect and stop the infection.
Regarding how the malware works, the researcher stated in his tweet:
It retrieves a JSON at the C2 address: 68.183.219.190/pER/y
It then executes the URLs; for some steps it executes the URLs on a remote browser and returns the result to include it in the requests
This allows it to not have a WebView and to be more discreet
To add legitimacy to the malicious apps distributing the malware, the threat actors behind Autolycos malware have also set up dedicated social media pages for promotion.
To promote the applications, fraudsters create several Facebook pages and run ads on Facebook and Instagram.
For example, there were 74 ad campaigns for Razer Keyboard & Theme malware pic.twitter.com/lLl9faZjQI
— Maxime Ingrao (@IngraoMaxime) July 13, 2022
More technical details about the malware and its campaigns in the wild are available in Evina’s detailed report.
Some Malicious Apps Still Exist
After detecting the malware, the researcher reported the malicious apps to Google for subsequent action. The researcher shared the list of these apps in this tweet.
com.razer.keyboards (10k+)
https://t.co/dLmVIkvKEh.editor (1M+) ❌
com.okcamera.funny (500K+)
https://t.co/8fyEMql0bj (1k+) ❌
app.launcher.creative3d (1M+) ❌
com.gif.emoji.keyboard (100K+) ❌
https://t.co/W5wjm83pDV (5K+) ❌
https://t.co/cju9S26Nny (100K+) ❌
— Maxime Ingrao (@IngraoMaxime) July 13, 2022
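The indicators the researcher published (the package names listed above and the C2 address quoted earlier) can be turned into a simple device-triage check. The following script is an added example and is not tooling from the article, from Evina, or from Google: it parses `adb shell pm list packages` output against the four package names that appear in full on the page, scans constructed proxy-style log lines for requests to the quoted C2 host, and prints the `adb uninstall` command for any match. The package-list format, the log format and all sample inputs are assumptions made for the example.

```python
"""Triage an Android device's package list and proxy logs against the Autolycos
indicators quoted in the article. Added example; sample inputs are constructed."""
import re

# Package names that appear in full in the researcher's tweet quoted above
# (the entries that survive only as t.co links are not included).
AUTOLYCOS_PACKAGES = {
    "com.razer.keyboards",
    "com.okcamera.funny",
    "app.launcher.creative3d",
    "com.gif.emoji.keyboard",
}

# C2 endpoint quoted in the researcher's tweet.
C2_HOST = "68.183.219.190"
C2_JSON_PATH = "/pER/y"

# Matches an optional scheme, a dotted-quad host, an optional port and a path.
IPV4_URL_RE = re.compile(r"(?:https?://)?(\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?(/\S*)?")

# Constructed sample of `adb shell pm list packages` output (assumed format).
SAMPLE_PM_OUTPUT = """package:com.android.chrome
package:com.okcamera.funny
package:app.launcher.creative3d
package:com.android.settings
"""

# Constructed proxy-style log lines (assumed format: time, method, URL, status, uid).
SAMPLE_LOG = [
    "2022-07-13T10:01:02Z GET http://68.183.219.190/pER/y 200 uid=10231",
    "2022-07-13T10:01:05Z GET https://example.com/index.html 200 uid=10231",
    "2022-07-13T10:02:00Z GET http://68.183.219.190/static/img.png 200 uid=10231",
]


def parse_pm_list(output: str) -> set:
    """Return the package names from `pm list packages` output ("package:<name>" per line)."""
    packages = set()
    for line in output.splitlines():
        line = line.strip()
        if line.startswith("package:"):
            packages.add(line[len("package:"):])
    return packages


def find_known_packages(output: str) -> list:
    """Installed packages that match the published Autolycos package names, sorted."""
    return sorted(parse_pm_list(output) & AUTOLYCOS_PACKAGES)


def c2_hits(log_lines) -> list:
    """Return (line_no, host, path, is_json_endpoint) for every request to the C2 host.

    is_json_endpoint is True only for the exact /pER/y path from the tweet; other
    paths on the same host are still reported so an analyst can review them."""
    hits = []
    for line_no, line in enumerate(log_lines, 1):
        for host, path in IPV4_URL_RE.findall(line):
            if host == C2_HOST:
                hits.append((line_no, host, path or "/", path == C2_JSON_PATH))
    return hits


def remediation_commands(output: str) -> list:
    """adb commands that remove the matched packages (printed, not executed)."""
    return [f"adb uninstall {pkg}" for pkg in find_known_packages(output)]


if __name__ == "__main__":
    for pkg in find_known_packages(SAMPLE_PM_OUTPUT):
        print(f"[!] known Autolycos package installed: {pkg}")
    for line_no, host, path, is_json in c2_hits(SAMPLE_LOG):
        tag = "C2 JSON endpoint" if is_json else "C2 host, other path"
        print(f"[!] log line {line_no}: {host}{path} ({tag})")
    for cmd in remediation_commands(SAMPLE_PM_OUTPUT):
        print(f"[*] suggested: {cmd}")
```

On a real device the package list comes from `adb shell pm list packages` and the log lines from whatever egress proxy or DNS resolver sits in front of the device; the regex only reports the host quoted in the tweet, so a hit on the exact `/pER/y` path is the strongest signal, while other paths on that host are surfaced for review rather than treated as confirmed.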
Ironically, it took the firm several months to remove these apps. However, one of them, “Funny Camera” (com.okcamera.funny), is still present on the Play Store.
This means users must remain very cautious when encountering this app. Also, if they have downloaded any of the malicious apps, users should delete them from their devices without delay. As a precaution, users should always avoid downloading apps from unknown, untrusted, or new developers, even when those apps boast huge download counts or reviews.