Apps containing Autolycos malware managed to evade Google's defenses
Bad malware-infected apps that users unknowingly subscribe to premium services have been downloaded more than three million times from the Google Play Store.
As reported by BleepingComputer (opens in a new tab), security researcher Maxime Ingrao from cybersecurity firm Evina discovered a new malware family called "Autolycos" in eight popular Android apps.
Although Ingrao first encountered these malicious apps and reported its findings to Google in June last year, it took the search giant six months to remove six of the apps in question, with the last two recently removed.
When malicious apps escape Google's defenses
All malicious apps detected by Ingrao trick users into downloading them by offering additional features for their camera or keyboard. Together, they have been downloaded more than three million times. Even though all these bad apps have now been removed from the Play Store, they might still be running in the background and signing up for premium subscription services if you have any installed on your Android smartphone. Many of them also request access to read your SMS messages, which some users may have allowed.
Here is the full list of apps infected with Autolycos malware along with the number of downloads:
* Vlog Star Video Editor: more than 1 million
* Creative 3D Launchers: more than 1 million
* Funny Camera: more than 500,000+
* Wow Beauty Camera - 100,000+
* GIF Emoji Keyboard - 100,000+
* Razer Keyboard and Theme - 50,000+
* Freeglow Camera 1.0.0 - 5000+
* Coco camera v1.1 - 1,000+
Surprisingly, the makers of Autolycos malware also paid for a number of advertising campaigns on various social media platforms to promote their malicious apps. For example, according to Ingrao, there were 74 different ad campaigns on Facebook to promote the Razer Keyboard and Theme app alone.
How to protect yourself from malicious malware Android apps
Even though Google works around the clock to remove malicious apps from the Play Store, some still manage to slip under the radar. This is why you should always be careful when downloading new apps, even if they come from official sources like Play Store, Amazon App Store or Samsung Galaxy App Store. This gets even worse when apps are downloaded and installed as APK files from unofficial sources.