At the height of summer, when people tend to lower their guard to relax, the new Autolycos malware has begun to strike. It can enroll a compromised Android device in premium-rate services that are charged to the telephone account.
After the umpteenth reappearance of the Joker malware, the finances of mobile device users are again under threat from a new piece of malware, just reported by the French security firm Evina.
In the past few hours, the researcher Maxime Ingrao, who works at Evina, documented in an alert, which he also shared on his Twitter profile, the presence of malware in 8 applications listed in the Google Play Store. The malware has been named “Autolycos”, after the Greek mythological character who was the son of the god Hermes (tutelary deity of thieves) and grandfather of the clever Ulysses, so the name does not appear to have been chosen at random. It was identified in applications downloaded a total of about 3 million times.
Among the apps carrying Autolycos are a keyboard and themes app, Razer Keyboard & Theme, attributed to xcheldiolola; another keyboard app, Gif Emoji Keyboard, with 100 thousand downloads; and a launcher with depth effects, Creative 3D Launcher, with 1 million downloads. Camera apps dominate the list: Coco Camera v1.1, with 1,000 downloads; Freeglow Camera 1.0.0, with 5,000,000 downloads; Wow Beauty Camera, with 100,000 downloads; and Funny Camera. There is also Vlog Star Video Editor, which, as its one million downloads show, has achieved considerable success by promising popularity as a video blog star thanks to the right editing tools.
Once one of these apps has been installed, the user is taken, without knowing it, to payment pages where the device, whether smartphone or tablet, is subscribed to premium services and/or content. The user realizes the impact on their finances only later, because the charge is made to the telephone account.
According to the sources, the offending apps have all been removed from the Google Play Store following Ingrao's report. Nevertheless, they may still be present locally on compromised devices, from which they have to be uninstalled manually. For the future, users should prefer official download sources, consult user feedback, and evaluate whether the permissions requested are congruous with what is being installed.