Remove These Hidden Malware Apps From Your Android As Soon As Possible
No matter how hard Google tries, nothing seems to stop malware-infected apps from making their way into the Play Store. We have covered many cases in the past, including the recent phone call scam malware targeting older versions of Android. Now the scammers behind a new strain of malware have tricked users into downloading it millions of times. Thankfully, all apps known to be infected have been removed from the Play Store, but you may still have one of them on your smartphone right now.
Researcher Maxime Ingrao was the first to identify this new malware family. Ingrao called it “Autolycos” and claimed that at least eight Android apps packaged the new malware for download by unsuspecting victims. The worst part? Android users have downloaded these eight apps over three million times, which means that Autolycos has found its way onto millions of devices.
While Autolycos may be present in other applications, Ingrao confirmed that these eight names hide malware. They are listed here in descending order of the number of downloads they achieved before being removed from the Play Store:
- Vlog Star Video Editor: 1 million downloads
- Creative 3D Launcher: 1 million downloads
- Funny Camera: 500,000 downloads
- Razer Keyboard & Theme: 500,000 downloads
- Wow Beauty Camera: 100,000 downloads
- Gif Emoji Keyboard: 100,000 downloads
- Freeglow Camera 1.0.0: 5,000 downloads
- Coco Camera v1.1: 1,000 downloads
Ingrao told BleepingComputer that he discovered these malicious apps and reported them to Google over a year ago, back in June 2021. Although Google reportedly confirmed receipt of Ingrao’s report, the company took no action for six months, and even then removed only six of the eight identified apps from the Play Store. When the BleepingComputer article was published on Wednesday, July 13, two apps, Funny Camera and Razer Keyboard & Theme, were still available for download. Shortly after publication, Google removed these applications as well.
The main goal of Autolycos is to sign the victim up for premium services without their knowledge. It does this by executing URLs in a separate remote browser and returning the results, rather than loading them in a WebView. This design lets Autolycos apps run invisibly without alerting users. In addition, many of these apps requested permission to read users’ SMS messages, giving Autolycos free access to victims’ text messages.
What’s interesting about this particular Autolycos campaign is that the hackers promoted their apps as legitimate through Facebook pages as well as Facebook and Instagram ads. As Ingrao highlights in his tweet, there were 74 promotional campaigns for the Razer Keyboard & Theme app, resulting in half a million downloads when all was said and done.
How to protect yourself from Autolycos and other malicious apps
First of all, take a close look at the list of apps above. If you have installed any of them on your Android device, uninstall them now. While none of them are currently available for download, their removal from the Play Store does not affect apps already installed on devices.
In the future, carefully research apps on the Play Store before downloading them to your phone. Take a look at the app name, preview images, and description: does it all make sense for the type of app it should be? Descriptions should be clear and well-written, and images should be of high quality and showcase the main advertised features.
Scan the reviews: if you notice a lot of bad reviews, skip the app. Also pay attention to how the positive reviews are written. If all the five-star reviews are poorly worded or seem to miss the point of the app as a whole, it’s a sign that they’ve been created by bots designed to inflate the rating of a malicious or unwanted app.
Most importantly, check the permissions that the app will ask for during installation. A video editor, for example, has no reason to ask permission to read your SMS messages, while a theme app should not have access to your location or health data. If you notice too many permissions in the list, especially if those permissions don’t fit the purpose of the app, avoid it.
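The permission check described above can also be run against apps that are already installed. The following is an added example, not code from the article or from Ingrao: it parses text in the layout printed by `adb shell dumpsys package` and flags SMS or location permissions that do not fit an app's purpose. The package names, the category labels, the policy table and the trimmed sample output are all constructed for illustration.

```python
import re

# Sensitive groups from the article; EXPECTED and CATEGORIES are assumed policy.
SENSITIVE = {"sms": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
             "location": {"android.permission.ACCESS_FINE_LOCATION"}}
EXPECTED = {"messaging": {"sms"}, "video_editor": set(), "theme": set()}
CATEGORIES = {"com.example.videoeditor": "video_editor",
              "com.example.chat": "messaging", "com.example.theme": "theme"}
PERM = re.compile(r"([\w.]+\.permission\.\w+)(?:: granted=(true|false).*)?")

# Constructed, trimmed sample in the layout of `adb shell dumpsys package`.
SAMPLE = """\
  Package [com.example.videoeditor] (1a2b3c):
    requested permissions:
      android.permission.INTERNET
      android.permission.READ_SMS
    User 0: installed=true
      runtime permissions:
        android.permission.READ_SMS: granted=true, flags=[ USER_SET ]
  Package [com.example.chat] (4d5e6f):
    requested permissions:
      android.permission.READ_SMS
  Package [com.example.theme] (7a8b9c):
    requested permissions:
      android.permission.ACCESS_FINE_LOCATION
"""

def parse_dumpsys(text):
    """Map each package to its requested and granted permission sets."""
    apps, pkg = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r"Package \[([\w.]+)\]", line):
            pkg = m.group(1)
            apps[pkg] = {"requested": set(), "granted": set()}
        elif pkg and (m := PERM.fullmatch(line)):
            if m.group(2) is None:        # bare name: a "requested permissions" entry
                apps[pkg]["requested"].add(m.group(1))
            elif m.group(2) == "true":    # install/runtime entry carrying grant state
                apps[pkg]["granted"].add(m.group(1))
    return apps

def audit(apps, categories):
    """List (package, group, permissions, granted) for out-of-purpose requests."""
    findings = []
    for pkg, perms in sorted(apps.items()):
        allowed = EXPECTED.get(categories.get(pkg), set())
        for group, names in sorted(SENSITIVE.items()):
            hits = perms["requested"] & names
            if hits and group not in allowed:
                findings.append((pkg, group, sorted(hits), bool(hits & perms["granted"])))
    return findings
```

Calling `audit(parse_dumpsys(SAMPLE), CATEGORIES)` reports the video editor's SMS permission as requested and granted, reports the theme app's location request, and leaves the messaging app alone. A package with no category entry is treated as needing no sensitive permission at all.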
[ BleepingComputer ]