A rather annoying malware has been lying around for more than a year on Android. Rather aggressive, the malware subscribes bogus subscriptions under the nose of its victims.
A new malware is taking its toll on Android. Autolycos, by its small name, surreptitiously subscribes Internet users to paid premium services and can, in certain cases, consult and read your SMS. Discovered by Maxime Ingraoa French cybersecurity specialist working for the company Evina, Autolycos has slipped onto more than 3 million devices.
What apps are affected?
The malicious code was inserted into eight applications which remained for months on the Play Store, Google’s app store. The company recently removed the affected titles from its catalog, but if the apps are still installed on your phone, it is urgent to get rid of them. The alert concerns:
- funny camera
- Razer Keyboard & Theme
- Vlog Star Video Editor
- Creative 3D Launcher
- Wow Beauty Camera
- GIF Emoji Keyboard
- Freeglow Camera
- Coco Camera v1.1
Each of these applications embeds Autolycos which, in the background, will execute its dark design without alerting users.
Google plays with the security of its platform
The operation of the malware is quite simple. After the launch of the application, Autolycos will consult sites discreetly (via HTTP requests, without displaying a web page) to subscribe victims without their knowledge to bogus premium subscriptions that they do not need. Requests for permissions that are a little too generous also allow certain apps to consult your SMS. According to Evina“this malware family originated in South Africa and is now proliferating in Nigeria.“
If no mobile system is immune to malware, the case of Autolycos is a bit special. Indeed, Maxime Ingrao warned Google of his discovery in June 2021. The company certainly quickly deleted six of the eight applications concerned, but Funny Camera and Razer Keyboard were still recently available on the Play Store. The latter even paid the luxury of offering ads on Facebook to encourage Internet users to install it. It took the flaw to be made public for Google to decide to remove the other two malware.
So delete these applications if you have installed them, check that no suspicious debit is displayed on your account, and keep the Play Protect feature (within the OS security settings) activated.