French security researcher Maxime Ingrao recently discovered a new family of malware that subscribe to premium services. This comprised eight applications on the Google Play Store, two of which had over a million downloads each. He is calling the malware Autolycos.

Android, by its nature of being open-source, is susceptible to threats like this and it is usually with applications that attract the users' attention. These applications were available on the Play Store since June 2021 and were taken down by Google after thye were discovered. According to reports, Google took six months to take down the apps, but the APKs (installable files) of the apps are still available online.

In a tweet thread, Ingrao explained how the malware works without having a webview and only https requests.

He also said that the applications were thoroughly promoted through ads on Facebook and Instagram by fraudsters. “For example, there were 74 ad campaigns for Razer Keyboard & Theme malware,” he wrote.

Here is the list of apps infected with Autolycos:

Vlog Star Video Editor (com.vlog.star.video.editor, 1 million downloads)

Creative 3D Launcher (app.launcher.creative3d, 1 million downloads)

Funny Camera (com.okcamera.funny, 500,000+ downloads)

Wow Beauty Camera (com.wowbeauty.camera, 100,000 downloads)

Gif Emoji Keyboard (com.gif.emoji.keyboard, 100,000 downloads)

Razer Keyboard & Theme (com.razer.keyboards, 10,000 downloads, not related to the gaming/tech company Razer)

Freeglow Camera 1.0.0 (com.glow.camera.open, 5,000 downloads)