“Stealth” software

The principle of Autolycos is to secretly subscribe its victims to paid services. It’s only much later, by doing their accounts and taking a look at their bank statements that unlucky smartphone owners can realize this.

This is a “stealth” malwarewhich uses another browser than the Chrome-powered system and Android apps to surf the web.

“This behavior is intended to make its actions less noticeable and therefore undetectable by users of the compromised devices.”

Here is the eight infected apps by this virus:

  • Vlog Star Video Editor
  • Creative 3D Launcher
  • Funny Camera
  • Wow Beauty Camera
  • GIF Emoji Keyboard
  • Razer Keyboard & Theme
  • Freeglow Camera 1.0.0
  • Coco Camera v1.1

The first two have been downloaded more than a million times each, while “Funny Camera” has 500,000 downloads.

Despite the negative reviews written by users on Google Play Store, Android’s app store, bots made sure to overrate these apps for that they retain their popularity… and remain downloaded.

Another strategy: advertising circulating on social networks, especially on Facebook, to praise these applications. For the “Razer Keyboard & Theme” application alone, cybersecurity researcher Maxime Ingrao (who discovered Autolycos) found 74 promotional posts highlighted by Facebook.

After several reports, Google ended up remove infected apps from its app store. But you are not immune to unknowingly hosting malware…

Mobile: the 8 apps that contain malware

Definitely, there are a thousand ways to steal money. Real life scams are common. Fake plumber, fake policeman, water leak scam… From now on, it is necessary to add the malware on the Internet which is introduced in the applications which you download. These “malwares” then hack your phone. Forcing a purchase or stealing your credentials.

A new “malware family” had secretly invaded the Google Play Store. According to the site, it would be a researcher in cybersecurity from the company Evina who is at the origin of the discovery: Maxime Ingrao. Dubbed Autolycos, it would be software that automatically subscribes its victims to the premium version of the hacked service. The malware was able to spread through more than 74 promotional posts promoted by Facebook, according to Capital.

It is estimated that the corrupt apps have been downloaded over 3 million times. The victims may only realize too late the transactions carried out on their bank account. In addition, Google was slow to respond to the threat: the researcher reportedly notified Google as early as June 2021, but the internet giant waited until January 2022 to remove six of the eight apps.

Applications affected by the virus

Goodbye Google Pay, Google Wallet is coming

Along with its Android or Play Store updates, Google has also become accustomed to modernizing and strengthening its system with monthly updates for Google Play and related services.


The refresh of Google Pay and its transformation into Google Wallet is imminent. Among the Google Play System updates this month, the novelty is listed with its Material You redesign. This comes just after the visual changes made in the Play Store.

New functionalities are expected for the application for storing loyalty cards, bank cards, transport cards and other important documents (plane tickets, vaccination certificates, etc.). Google Wallet will also be used to turn into a digital key if necessary for hotels or businesses, but also gradually integrate identity documents and driving licenses as Apple does with its Maps application.

Google also wants to better integrate it with its other applications for faster access to the documents stored there.


Other new additions to Google Play include enhancements to the “Play-as-you-download” feature. Deployed last year, this allows you to launch a game before the end of its download on the smartphone or tablet. The July update further reduces wait times before launching the game.

The Play Store is enriched with a better suggestion of games and applications according to your preferences, an improvement in the download and installation time with greater reliability. The Play Pass and Play Points programs inherit new functions. The Play Store will also benefit from performance optimizations and fixes for security and stability bugs.


To check if your Android smartphone needs an update, you can go to the Google Play services page from your device and follow the procedure.

To update the Google Play system, go to Settings, then About smartphone > Android version > Google Play System update.

Google’s Play Store will be less transparent about its app permissions system

Google relies on good faith

Until now, each application listed on the Play Store was automatically scanned by Google to establish the list of authorizations necessary for its operation (geolocation, access to files, SMS, etc.). The list of permissions requested by the app was then listed on its file. From July 20, Google will completely switch to a system based on the good faith of the development teams. Each developer will fill in the list of permissions by hand, briefly explaining why this permission is requested.

This change in method is intended, according to Google, “to help users understand what data is collected or shared by your application, and to outline the main security and privacy practices of your application.” The automatic list generated by Google was indeed not necessarily very clear since it gave no context specifying why an application could request certain authorizations. On this, the development teams will be able to be more exhaustive.

But the automatic scanning method had the advantage of being perfectly transparent. If an app’s configuration file indicated that it needed geolocation access, that permission was automatically listed. From now on, this will be done on a declarative model. The risk that a developer “forgets” to list an authorization is therefore not zero, even if Google obviously specifies that, if such practices are noticed, the company may “be required to take the necessary measures appropriate, including penalties.”

No Secret Data Mining

Let’s be very clear on one point: this does not mean that an application will be able to access your GPS location or your text messages without asking you. Once the software is installed, it will still need to ask you before accessing your personal data, just like before. This simply means that the presentation cards on the Play Store will no longer necessarily be as transparent as before, when a robot took care of listing all the authorizations potentially required. It will now be necessary to have confidence in the description provided by the creators and creators of applications.

Android: malware available on the Play Store has been downloaded more than 3 million times

While Apple and Google store app verification systems reject a majority of malware, they are far from infallible. On the Play Store, a Trojan called Autolycos has managed to slip through the cracks and has been downloaded more than 3 million times. According to cybersecurity researcher Maxime Ingrao, he was hiding in 8 applications with various functions (camera filters, vlog editors, original keyboards, etc.).

Once on the phone, these apps can discreetly sign up the user for bogus paid services. They can act without the web pages being visible on the screen, and also request access to read SMS. The 8 programs concerned are: Vlog Star Video Editor, Creative 3D Launcher, Wow Beauty Camera, Gif Emoji Keyboard, Razer Keyboard & Theme, Funny Camera, Freeglow Camera and Coco Camera.

The creators of Autolycos have set up numerous advertising campaigns on social networks to publicize their infected apps. The researcher explains that he has identified more than 70 for the “Razer Keyboard & Theme” application alone. To reassure potential victims, the ratings of the Play Store sheet have been bogus with the help of robots multiplying the glowing returns.

Categorized in: