Malware-infected malicious apps have been downloaded more than three million times from the Google Play Store, with users subscribing to premium services without their knowledge.
As reported by Bleeping Computer (opens in a new tab), security researcher Maxime Ingra of cybersecurity firm Evian has discovered a new malware family called “Autolycus” in eight popular Android apps.
Although Ingra first discovered these malicious apps in June of last year and reported the findings to Google, it took the search giant six months to remove six.
When Malicious Apps Escape Google’s Protection:
All malicious apps found by Ingra trick users into downloading them by offering additional features to the camera or keyboard.
Although all these malicious apps have now been removed from the Play Store, if you have them installed on your Android smartphone, they can still run in the background and sign up for premium subscription services. Many of them also require you to sign in to read your text messages, which some users may have allowed.
Here is the full list of apps infected with Autolycus malware and the number of times they were downloaded:
- Nice camera – 500,000+
- Wow Beauty Camera – 100,000+
- Emoji Gif Keyboard – 100,000+
- Razer Keyboard and Themes – 50,000+
- Foreglow Camera 1.0.0 – 5000+
- Coco Camera v1.1 – 1000+
Surprisingly, the makers of Autolycus have also paid for various ad campaigns on various social media platforms to promote their malicious apps. For example, there were 74 different Facebook ad campaigns to promote just the Razer Keyboard & Theme app, Ingra said.
How to protect yourself from malicious Android apps:
While Google is working around the clock to remove malicious apps from the Play Store, some still manage to escape the cracks. For this reason, you should always be careful when downloading new apps, even if they come from official sources like Play Store, Amazon App Store or Samsung Galaxy App Store. This gets even worse when you download and install apps as APK files from unofficial sources.
While it’s always a good idea to check reviews before downloading apps, they can be misleading, especially if they’re written by bots. For Autolycus infected apps, popular apps have received more negative reviews from real users, while fewer downloaded apps still have high ratings due to bots.
After that, you should always think and think carefully when granting permissions to Android apps. Not all apps need to use local storage, contacts, or messages. Thankfully, Google now automatically removes permissions from apps you haven’t used in a while. Here’s how to protect yourself.
Finally, we recommend that you enable and keep Google Play Protect active on your Android smartphone, as the service scans your device for potentially malicious apps and checks each app for malware and suspicious activity before downloading it.