comscore Android users, delete these apps from your smartphone now: Here’s why

This Android malware was caught stealing money from Play Store apps: Check list here

Google has already deleted these apps from Play Store. If you have downloaded any of these apps, it is advisable that you delete them immediately.


Microsoft’s 365 Defender team, earlier this month, spotted a malware dubbed as the Toll Fraud malware that is capable of making users subscribe to premium services without their consent. Now, a Evina security researcher, Maxime Ingrao, has spotted another malware that is capable of doing the same, albeit in a slightly different way. Also Read - Twitter confirms hackers took advantage of bug that exposed data of 5.4 million users

Evina, in its report said that the malware, dubbed as Autolycos after the Greek character known as the master of thievery and deceit, subscribes users to premium Direct Carrier Billing (DCB) services without informing users or taking their explicit consent. Also Read - WhatsApp Group members may soon be able to quietly leave a group chat: Here’s how

Unlike Joker malware, Autolycos, does not launch an invisible browser to attack users. Instead it launches fraud attempts by executing http requests without using a browser. “For some steps, it can execute urls on a remote browser and embed these results in the http requests,” the malware research firm wrote in its report adding that it is this behaviour that makes it difficult to detect. Also Read - Google Search with quotes will now show where to find the exact word or phrase

Evina says that the Autolycos malware creates a remote browser and embedding results in http request to make it harder for Google to differentiate apps infected from Autolycos from the genuine apps. “The malware is able to access the verification PIN code by reading the phone’s notifications,” the firm wrote in its report.

What’s more? To increase its reach, the cyber criminals behind the Autolycos malware promoted the infected apps on several Facebook pages. They also ran ads on Facebook and Instagram, which in turn, made the infected apps visible to more users and ultimately lead to more downloads. This ended up ranking the infected apps high on the Google Play Store, which in turn increased their chances of getting downloaded.

Researchers said that although the Autolycos malware originated in South Africa, its traces has already infected apps in Spain, Austria, Poland, Germany, Saudi Arabia, the United Arab Emirates, Malaysia and Thailand.

Apps infected by Autolycos malware

Ingrao, in a thread on Twitter, said that this malware since its detection back in June 2021 has infected a total of eight apps on the Play Store that have collectively amassed over three million downloads so far. These apps are —

— Razer Keyboard & Theme
— Vlog Star Video Editor
— Funny Camera
— Coco Camera
— Creative 3D Launcher
— GIF Keyboard
— Freeglow Camera
— Wow Camera

How to protect yourself from Autolycos malware

Google has already deleted these apps from Play Store so that new users are unable to download them. If you have downloaded any of these apps, it is advisable that you delete them immediately. Apart from this, it is advisable that users don’t give permission to read SMS contents to apps and enable Google Play Protect on your Android devices.

For the latest tech news across the world, latest PC and Mobile games, tips & tricks, top-notch gadget reviews of most exciting releases follow BGR India’s Facebook, Twitter, subscribe our YouTube Channel. Also follow us on  Facebook Messenger for latest updates.
  • Published Date: July 18, 2022 4:43 PM IST

new arrivals in india