French security researcher Maxime Ingrao recently discovered a new family of malware that subscribes users to premium services. The family comprised eight applications on the Google Play Store, two of which had over a million downloads each. He is calling the malware Autolycos.
Because Android is open source, it is susceptible to threats like this, usually through applications that attract users' attention. These applications had been available on the Play Store since June 2021 and were taken down by Google after they were discovered. According to reports, Google took six months to take down the apps, but the APKs (installable files) of the apps are still available online.
In a tweet thread, Ingrao explained how the malware works without a WebView, using only HTTPS requests.
It retrieves a JSON on the C2 address: 68.183.219.190/pER/y
It then executes the URLs; for some steps it executes the URLs on a remote browser and returns the result to include it in the requests. This allows it not to have a Webview and to be more discreet. pic.twitter.com/v5S6fUjx7M
— Maxime Ingrao (@IngraoMaxime), July 13, 2022
He also said that the applications were thoroughly promoted through ads on Facebook and Instagram by fraudsters. “For example, there were 74 ad campaigns for Razer Keyboard & Theme malware,” he wrote.
Here is the list of apps infected with Autolycos: