Android malware downloaded over 3 million times from the Play Store: the apps to be deleted
There is new malware to watch out for, not least because it spread widely through the Play Store. It is called Autolycos and was uncovered by Maxime Ingrao, a researcher at Evina, a company specializing in IT security. The malware subscribes the user to premium services without their knowledge. It has been identified in no fewer than 8 applications published in the Play Store, all of which have now been removed.
Anyone who has downloaded one or more of the apps listed below should uninstall them immediately:
- Funny Camera
- Razer Keyboard & Theme
- Vlog Star Video Editor
- Creative 3D Launcher
- Wow Beauty Camera
- Gif Emoji Keyboard
- Freeglow Camera 1.0.0
- Coco Camera v1.1
The offending apps recorded at least 3 million downloads in total. The number of installations based on Play Store data is an underestimate, because Google only indicates that minimum download thresholds have been exceeded, not the exact figure. The data confirms that the bad guys are often one step ahead of the Play Store control systems.
WHAT AUTOLYCOS DOES (AND WHAT GOOGLE DID NOT DO)
Autolycos does not operate very differently from other malware built for the same purpose: it disguises its presence (for example by running URLs on a remote browser), asks for permission to read SMS content, and forces the user to subscribe to premium services.
To make matters worse, those behind the malware campaign also actively promoted the harmful apps: to give an idea, the researcher counted 74 advertising campaigns on Facebook dedicated to just one of the offending apps (Razer Keyboard & Theme). Finally, dedicated bots were tasked with leaving fake positive reviews in the Play Store.
Some of the promotional campaigns to incentivize the download of malicious apps
Unfortunately, the Mountain View company did not act promptly in this case. Maxime Ingrao says he reported the apps containing Autolycos to Google in June 2021; 6 were removed 6 months later, and two (Funny Camera and Razer Keyboard & Theme) only in the last few hours, following the publication of an article by Bleeping Computer.
The remedies against this type of cyber threat do not change: always be aware of the permissions granted to apps, check for anomalous background data traffic and battery consumption (apps that work in the shadows drive both up), use an antivirus, and limit the apps installed on your smartphone to those from known and trusted sources. Activating Play Protect also helps and is recommended.
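One way to carry out the permission check described above is the sketch below, an added example that is not part of the original article. It parses text in the style of `adb shell dumpsys package` output and lists apps that hold a granted SMS-read permission. The package names, the sample text and the allowlist are constructed for illustration.

```python
import re

# Permissions that let an app read incoming SMS, such as premium-service confirmation codes.
SMS_PERMS = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"}

PKG_RE = re.compile(r"^\s*Package \[([^\]]+)\]")
PERM_RE = re.compile(r"^\s*(android\.permission\.[A-Z_]+): granted=(true|false)")

def apps_with_sms_access(dumpsys_text, allowlist=()):
    """Return {package: sorted granted SMS permissions}, skipping allowlisted packages."""
    findings = {}
    current = None
    for line in dumpsys_text.splitlines():
        m = PKG_RE.match(line)
        if m:
            current = m.group(1)  # every following permission line belongs to this package
            continue
        m = PERM_RE.match(line)
        if m and current and m.group(2) == "true" and m.group(1) in SMS_PERMS:
            if current not in allowlist:
                findings.setdefault(current, set()).add(m.group(1))
    return {pkg: sorted(perms) for pkg, perms in findings.items()}

# Constructed sample in the style of `adb shell dumpsys package` (not real device output).
SAMPLE = """\
Packages:
  Package [com.example.messages] (1a2b3c4):
    userId=10101
    runtime permissions:
      android.permission.READ_SMS: granted=true, flags=[ USER_SET ]
      android.permission.RECEIVE_SMS: granted=true, flags=[ USER_SET ]
  Package [com.example.funcamera] (5d6e7f8):
    userId=10150
    install permissions:
      android.permission.INTERNET: granted=true
    runtime permissions:
      android.permission.CAMERA: granted=true, flags=[ USER_SET ]
      android.permission.READ_SMS: granted=true, flags=[ USER_SET ]
  Package [com.example.notes] (9a0b1c2):
    userId=10162
    runtime permissions:
      android.permission.READ_SMS: granted=false, flags=[ USER_SET ]
"""

if __name__ == "__main__":
    # The allowlist holds the SMS app the user actually relies on (hypothetical name).
    for pkg, perms in apps_with_sms_access(SAMPLE, allowlist={"com.example.messages"}).items():
        print(pkg, ", ".join(perms))
```

A camera, keyboard or launcher app appearing in the result has no obvious need to read SMS and is worth reviewing or uninstalling.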