A new family of viruses for the Android operating system has already racked up more than three million downloads from the Google Play Store alone. The official store is being used to house at least eight fraudulent apps that hide the Autolycos malware, which enrolls users in paid services without their authorization, with the earnings going directly into the pockets of criminals.
The plague was discovered by researcher Maxime Ingrao, of the security firm Evina, in June of last year, at which time Google was informed about it. As of the time of filing this report, the eight bogus applications that carried the virus have been removed, but they can still pose a risk to users who downloaded and installed them. The infected apps are the following:
- Funny Camera, from developer KellyTech (500,000 installs);
- Razer Keyboard & Theme (50k downloads);
- Vlog Star Video Editor (1 million);
- Creative 3D Launcher (1 million);
- Wow Beauty Camera (100k);
- Gif Emoji Keyboard (100k);
- Freeglow Camera 1.0.0 (5,000);
- Coco Camera v1.1 (1,000).
In all cases, Autolycos works through a remote browser system, which accesses websites without the user's knowledge in order to register for paid services. In some of the analyzed samples, users are also asked to grant SMS access permissions, which can be used to intercept subscription confirmation text messages and keep the criminal operation hidden.
Outside the official Android store, the criminals responsible for the plague also ran ads on social media to promote the apps, taking users directly to download pages. For the most popular apps, negative comments pointed to the problem, but for those with fewer downloads, those responsible used bots to publish positive reviews.
Ingrao decided to go public more than a year after the discovery, precisely because of Google's delay in taking action. According to him, the first six apps only went offline six months after the initial report, while the other two were taken down only when reports about them began to be published in the international press. The expert also considers that more fraudulent software, not yet detected, may have been hosted on the official Android store by the criminals.
Therefore, the recommendation to users is to pay attention to downloads. Apps and solutions should only be downloaded from the official store and from recognized and certified developers. It is always worth looking at user reviews and press coverage before installing, preferring popular software and avoiding recently published or low-download software.
When installing an app, check if the requested permissions match the purpose of the tool; be suspicious, for example, of a customized keyboard asking for authorization to access the gallery or a camera app requesting to read SMS messages. Also avoid accepting requests involving Android accessibility services, another avenue often used by crooks, especially in banking scams.
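The permission check described above can also be run against an app's decoded AndroidManifest.xml. The following is an added example, not code from the article or from Evina; the category-to-permission policy and the sample manifest are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Assumed policy for this example: permissions that do not fit an app's purpose.
SMS = {P + "READ_SMS", P + "RECEIVE_SMS", P + "SEND_SMS"}
UNEXPECTED = {
    "camera": SMS,
    "keyboard": SMS | {P + "READ_EXTERNAL_STORAGE", P + "READ_MEDIA_IMAGES"},
}

def audit_manifest(manifest_xml, category):
    """Return sorted findings for a decoded AndroidManifest.xml string."""
    root = ET.fromstring(manifest_xml)
    requested = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    findings = [f"unexpected permission for {category}: {p}"
                for p in requested & UNEXPECTED.get(category, set())]
    # Accessibility services are declared on <service>, not <uses-permission>.
    for svc in root.iter("service"):
        if svc.get(ANDROID_NS + "permission") == P + "BIND_ACCESSIBILITY_SERVICE":
            findings.append("accessibility service: " + svc.get(ANDROID_NS + "name", "?"))
    return sorted(findings)

# Constructed sample manifest (not taken from any real app).
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.funcamera">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <service android:name=".HelperService"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    for line in audit_manifest(SAMPLE, "camera"):
        print(line)
```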
Keeping your smartphone up to date and antivirus solutions running also helps in identifying fraudulent websites and closes gateways that could be used by criminals. If you notice excessive network or battery consumption, or undue charges on your bill or credit balance, seek specialized help and perform scans to identify possible contamination of the device.