Date: 2022-07-20

The eight infected apps included types that attract user attention, such as camera editors, keyboard themes and video editors, he said.
In a series of tweets, he wrote, “Found new family of malware that subscribe to premium services. 8 applications since June 2021, 2 apps always in Play Store, +3M installs. No webview like #Joker but only http requests. Let’s call it #Autolycos”
According to reports, it took Google six months to remove these 8 apps; however, their APK versions are still available online.
“It retrieves a JSON on the C2 address: 68.183.219.190/pER/y. It then executes the urls, for some steps it executes the urls on a remote browser and returns the result to include it in the requests. This allows it not to have a Webview and to be more discreet,” he further wrote.
The researcher also added that these applications are widely promoted on social media through ad campaigns on Facebook and Instagram.
"To promote the applications, fraudsters create several Facebook pages and run ads on Facebook and Instagram. For example, there were 74 ad campaigns for Razer Keyboard & Theme malware," he said in another tweet.