Autolycos malware on Android: you may already be infected!
Unlike many people at this time of year, the hackers have not gone on holiday to Brittany. Judging by the amount of malware discovered each year, they never seem to take a holiday at all. "Hack more to earn more" is their motto! Today we are warning you about Autolycos, a virus to which you may already have opened the door of your wallet.
More than 3 million potential victims
This new malware was discovered by Maxime Ingrao, a French cybersecurity specialist working for Evina.
com.razer.keyboards (10k+)
https://t.co/dLmVIkvKEh.editor (1M+) ❌
com.okcamera.funny (500K+)
https://t.co/8fyEMql0bj (1k+) ❌
app.launcher.creative3d (1M+) ❌
com.gif.emoji.keyboard (100K+) ❌
https://t.co/W5wjm83pDV (5K+) ❌
https://t.co/cju9S26Nny (100K+) ❌
— Maxime Ingrao (@IngraoMaxime) July 13, 2022
Autolycos was hidden inside 8 applications that have been downloaded more than 8 million times. Here is the list:
- Funny Camera (over 500,000 downloads)
- Razer Keyboard & Theme (over 10,000)
- Vlog Star Video Editor (over 1 million)
- Creative 3D Launcher (over 1 million)
- Wow Beauty Camera (over 100,000)
- GIF Emoji Keyboard (over 100,000)
- Freeglow Camera (over 5,000)
- Coco Camera v1.1 (over 1,000)
The hackers thought big when it came to luring victims into their nets. The fraudsters did not hesitate to advertise their creations on a very large scale on social networks. For example, 74 promotional campaigns were running on Facebook and Instagram for Razer Keyboard & Theme alone. Alerted to the presence of viruses in these programs, Google removed them from its store. Nevertheless, if you have downloaded one of these applications, uninstall it urgently and check your bank statement for anomalies, because the thieves' objective was of course to empty your pockets.
Autolycos: to the subscribers present
The 8 applications did indeed carry the infamous Autolycos. As soon as one of the apps is launched, the malware can load web pages through HTTP requests without ever opening a browser, so you notice absolutely nothing. Once on these sites, the malware signs you up for premium subscriptions to services that do not exist. Some of the apps even asked for access to your text messages. This lets Autolycos steal even more confidential information from you and, above all, intercept two-factor authentication OTP codes. According to Evina, the software could come from South Africa and is reportedly already causing great damage in Nigeria.
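A defender-side check for the behaviour described above, as an added example that is not from the original article or from Evina: it parses a constructed, simplified excerpt in the layout of `adb shell dumpsys package` and flags the four package names readable in the tweet quoted on this page, plus any app that requests SMS-reading permissions. The sample data, the function names and the com.example.* packages are assumptions made for illustration.

```python
import re
# The four package names readable in the researcher's tweet quoted on this page.
REPORTED = {"com.razer.keyboards", "com.okcamera.funny",
            "app.launcher.creative3d", "com.gif.emoji.keyboard"}
SMS_PERMS = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"}
PKG_RE = re.compile(r"^\s*Package \[([\w.]+)\]")
PERM_RE = re.compile(r"^\s+(android\.permission\.[A-Z_]+)\s*$")

# Constructed sample, simplified from the layout of `adb shell dumpsys package`.
SAMPLE = """\
  Package [com.okcamera.funny] (1a2b3c):
    requested permissions:
      android.permission.READ_SMS
      android.permission.RECEIVE_SMS
    install permissions:
      android.permission.INTERNET: granted=true
  Package [com.example.notes] (4d5e6f):
    requested permissions:
      android.permission.INTERNET
  Package [com.example.flashlight] (778899):
    requested permissions:
      android.permission.RECEIVE_SMS
"""

def parse_requested(dump):
    # Map each package to the permissions under its "requested permissions:" header.
    result, pkg, in_req = {}, None, False
    for line in dump.splitlines():
        m, p = PKG_RE.match(line), PERM_RE.match(line)
        if m:
            pkg, in_req = m.group(1), False
            result[pkg] = set()
        elif in_req and p:
            result[pkg].add(p.group(1))
        else:  # the section header opens the list, any other line closes it
            in_req = pkg is not None and line.strip() == "requested permissions:"
    return result

def audit(dump):
    # Return {package: [reasons]} for apps to uninstall or review.
    findings = {}
    for pkg, perms in parse_requested(dump).items():
        reasons = ["named in the report"] if pkg in REPORTED else []
        sms = sorted(x.rsplit(".", 1)[1] for x in perms & SMS_PERMS)
        if sms:
            reasons.append("requests " + ", ".join(sms))
        if reasons:
            findings[pkg] = reasons
    return findings
```

An SMS permission is expected on a messaging app; on a camera, keyboard or launcher app it is a reason to review the app.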
For once, the cybercriminals got a great deal of help from Google, which took rather a long time to react to the danger. In an interview given to our colleagues at BleepingComputer, Maxime Ingrao said that he had warned the Mountain View firm of the presence of malware in these applications in June 2021. However, it took 6 months before 6 of the 8 offending applications disappeared from the Play Store. As for the last two, they were still there a few days ago but are no longer there at the time of writing.
Funny camera, keyboard theme, video editor for vlogging, library of GIFs and emojis, beauty filters… In any case, the criminals chose their prey well: rather young users who are not really used to being suspicious of anything.
We remind you once again: even on the Google Play Store, you are not safe from downloading an infected application. Avoid like the plague superfluous apps that make fart noises or add silly filters. And if you want a virtual keyboard different from yours, only download one of the 3 "biggest" ones with the best ratings.
Do you still want to support independent developers? Take a look at their sites before doing anything…