As reported by BleepingComputer (opens in new tab)a new malware family dubbed ‘Autolycos’ was discovered in eight popular Android apps by security researcher Maxime Ingrao from the cybersecurity firm Evina.
Although Ingrao first found these malicious apps back in June of last year and reported his findings to Google, it took the search giant six months to remove six of the apps in question, and the final two were only taken down recently.
When bad apps slip through Google’s defenses
All of the malicious apps discovered by Ingrao entice users into downloading them by offering additional functionality for their camera or keyboard. Combined, they’ve been downloaded over three million times.
While all of these bad apps have now been removed from the Play Store, if you have any installed on your Android smartphone, they could still be operating in the background and signing you up for premium subscription services. Many of them also request access to read your SMS messages, which some users may have allowed.
Here’s the full list of apps infected with the Autolycos malware along with how many times they’ve been downloaded:
- Vlog Star Video Editor – 1 million+
- Creative 3D Launcher – 1 million+
- funny camera – 500,000+
- Wow Beauty Camera – 100,000+
- GIF Emoji Keyboard – 100,000+
- Razer Keyboard & Theme – 50,000+
- Freeglow Camera 1.0.0 – 5,000+
- Coco camera v1.1 – 1,000+
Surprisingly, the creators of Autolycos also paid for a number of advertising campaigns on a variety of social media platforms in order to promote their malicious apps. For instance, there were 74 different ad campaigns on Facebook to promote the Razer Keyboard & Theme app alone, according to Ingrao.
How to stay safe from malicious Android apps
Even with Google working around the clock to rid the Play Store of bad apps, some still manage to slip through the cracks. For this reason, you should always exercise caution when downloading new apps, even when they come from official sources like the Play Store, Amazon App Store or the Samsung Galaxy App Store. This gets even worse when downloading and installing apps as APK files from unofficial sources.
While looking at reviews is something you should always do before downloading any app, they can be misleading, especially if they’re written by bots. In the case of the apps infected with Autolycos, the popular ones had more negative reviews from real users, while those with less downloads still had high ratings due to bots.
Next up, you should always carefully review and think closely when granting permissions for Android apps. Not every app needs to access local storage, your contacts or your messages. Fortunately, Google now automatically removes permissions for the apps you haven’t used in a while to help keep you safer.
Finally, you want to enable Google PlayProtect and keep it active on your Android smartphone as the service checks your device for potentially harmful apps and scans every app for malware and suspicious activity before you download it.