At least eight Android apps, some of which have been installed millions of times, harbored a hidden virus.
This malware could subscribe users to paid services without them realizing it, explains the BleepingComputer.com site on Wednesday.
Maxime Ingrao, a cybersecurity researcher working for Evina, discovered this malware, dubbed Autolycos, in June 2021.
According to him, this virus executed URLs through a different browser from that of the victims, before including the result in HTTP requests.
The process took place without going through Webview, the program that allows Android applications to access web pages.
This specificity made its actions very difficult for users to detect.
The malware allowed access to text messages from the target user's phone.
Google was slow to react
Autolycos thus spread via numerous advertising campaigns promoting the applications in which it was hiding on Facebook.
In addition, bots ensured that these applications were always well rated.
Eight of them have been downloaded nearly three million times in total.
These are Vlog Star Video Editor, Creative 3D Launcher, Funny Camera, Wow Beauty Camera, GIF Emoji Keyboard, Razer Keyboard & Theme, Freeglow Camera 1.0.0 as well as Coco Camera v1.1.
Upon discovery, Maxime Ingrao alerted Google.
But it was not until January 2022 that the American giant deleted six of the applications concerned.
The last two, on the other hand, were still available on the Play Store until recently.
The company subsequently acted after the researcher made the existence of Autolycos public.
People who have downloaded any of these applications should remove them immediately and check the services to which they subscribe.
high tech
Malware: How Brata cleans up a smartphone after looting its associated bank account
high tech
Play Store: 151 apps contain malware that subscribes users to paid services
high tech
android
Google
Computer virus
Cybersecurity