Researcher discovered new app malware on Google Play that steals your money

Maxime Ingrao, safety researcher at cybersecurity corporate Evina, has discovered a new malware circle of relatives that can infect Android apps on Google Play.

It’s named Autolycos — from the homonymous Greek mythological figure, recognized for his mastery in thievery and deceit. And that’s precisely what the malware does.

Since June 2021, Ingrao has recognized 8 inflamed apps on Play Store — downloaded over 3 million occasions.

Found new circle of relatives of malware that subscribe to top class services and products 👀

8 packages since June 2021, 2 apps all the time in Play Store, +3M installs 💀💀

No webview like #Joker however handiest http requests

Let’s name it #Autolycos 👾#Android #Malware #Evina pic.twitter.com/SgTfrAOn6H

— Maxime Ingrao (@IngraoMaxime) July 13, 2022

How does Autolycos paintings?

Greetings, tech nerd!

Are you into devices? And apps? And different cool tech stuff? Then this weekly publication is for you.

ALSO READ:  5 ways to prepare for an engineering degree | newscase

According to Evina’s report, the principle objectives of Autolycos is to subscribe customers to top class Direct Carrier Billing (DCB) services and products, with out their wisdom or consent.

Unlike the Joker malware that launches an invisible browser and makes use of Webview, Autolycus launches fraud makes an attempt by means of executing http requests with out the use of a browser.

For some steps, it may possibly execute the urls on a far flung browser and embed the ends up in the http requests.

Here’s how Autolycos is in a position to get admission to a verification PIN code by means of studying a telephone’s notifications:

The malware’s mode operation makes it laborious for Google to distinguish inflamed apps from official ones. That’s why it’s been undetected for see you later.

To defraud as many customers as imaginable, the cybercriminals in the back of the Autolycos advertise the apps on Facebook pages and run Facebook and Instagram apps.

Ingrao recognized 74 advert campaigns for one of the crucial inflamed apps: the Razer Keyboard & Theme app.

To advertise the packages, fraudsters create a number of Facebook pages and run commercials on Facebook and Instagram.

For instance, there have been 74 advert campaigns for Razer Keyboard & Theme malware pic.twitter.com/lLl9faZjQI

— Maxime Ingrao (@IngraoMaxime) July 13, 2022

Traces have additionally been present in Asia and quite a lot of European international locations, together with Spain, Austria, Poland, and Germany — indicating an alarming enlargement.

Which are the inflamed apps?

Evina and Ingao have shared an inventory with the 8 apps had been the malware used to be discovered:

1. Razer Keyboard & Theme — 10,000+ downloads
2. Vlog Star Video Editor — a million+ downloads
3. Funny Camera — 500,000+ dowloads
4. Coco Camera — 1,000+ downloads
5. Creative three-D Launcher — a million+ downloads
6. GIF Keyboard — 100,000+ downloads
7. Freeglow Camera — 5,000+ downdoads
8. Wow Camera — 100,00+ downloads

Interestingly, Ingao advised BleepingComputer that he notified Google already in June 2021. Although the corporate said receiving the record, it took a ridiculously lengthy six months to take away the primary set of six apps, which led the researcher to head public on Twitter.

On July 13, Google got rid of the remaining two: Funny Camera and Razer Keyboard & Theme. If you wish to have to test what the apps appeared like, you’ll be able to in finding them in Evira’s report.

I discovered, alternatively, an app that seems to be suspiciously very similar to the got rid of Vlog Star Video Editor.

It stocks the very same image and outline, handiest now it’s referred to as Vlog Star Video Maker.

Take a glance:

This method that although the recognizedapps had been got rid of, we will have to be vigilant because the fraudsters in the back of the malware would possibly proceed introducing inflamed apps.

How to give protection to yourselves

There’s no bulletproof technique for heading off app malware, however that there are some easy steps you’ll be able to take:

1. Don’t give apps permission to learn your SMS content material upon set up. Check additionally third-party information sharing permissions.
2. Read the critiques!
3. Keep Play Protect energetic.
4. Don’t obtain any app evenly.
5. Delete apps you now not use.