Maxime Ingrao, a security researcher at cybersecurity company Evina, has discovered a new malware family that can infect Android apps on Google Play.

It’s called Autolycos – from the eponymous Greek mythological figure, known for his mastery of theft and deception. And that’s exactly what the malware does.

Since June 2021, Ingrao has identified eight infected apps in the Play Store, which have been downloaded more than three million times.

How does Autolycos work?

According to Evina’s report, Autolycos’ main purpose is to subscribe users to premium Direct Carrier Billing (DCB) services without their knowledge or consent.

Unlike the Joker malware, which launches an invisible browser and uses WebView, Autolycos launches fraud attempts by making HTTP requests without using a browser.

For some steps, it can run the URLs in an external browser and embed the results in the HTTP requests.

Here’s how Autolycos can access a verification PIN by reading a phone’s notifications:

[Image: Autolycos malware]
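A defender-side check related to the notification access described above, as an added example that is not from Evina's report or the original article: it scans a decoded AndroidManifest.xml for services registered as notification listeners. It assumes the app reads notifications through Android's standard NotificationListenerService API; the sample manifest and package name are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
BIND_PERM = "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"
LISTENER_ACTION = "android.service.notification.NotificationListenerService"


def _attr(elem, name):
    """Read an android:-namespaced attribute from a manifest element."""
    return elem.get(f"{{{ANDROID_NS}}}{name}")


def notification_listeners(manifest_xml):
    """Return fully qualified names of services able to read notifications."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package", "")
    found = []
    for service in root.iter("service"):
        actions = {_attr(a, "name") for a in service.iter("action")}
        # A listener needs both the bind permission and the intent filter.
        if _attr(service, "permission") == BIND_PERM and LISTENER_ACTION in actions:
            name = _attr(service, "name") or ""
            if name.startswith("."):
                name = package + name          # ".push.X" -> "pkg.push.X"
            elif "." not in name:
                name = f"{package}.{name}"     # "X" -> "pkg.X"
            found.append(name)
    return found


# Constructed sample: a camera-style app that also registers a listener.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.funcamera">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <service android:name=".sync.UploadService"/>
    <service android:name=".push.NoticeService"
        android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE">
      <intent-filter>
        <action android:name="android.service.notification.NotificationListenerService"/>
      </intent-filter>
    </service>
  </application>
</manifest>"""

if __name__ == "__main__":
    for svc in notification_listeners(SAMPLE_MANIFEST):
        print("notification listener declared:", svc)
```

A declared listener is not malicious by itself; the result is a prompt to ask whether the app's stated purpose needs to read other apps' notifications.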