Malware has become a persistent annoyance in app stores in general, but it appears to be spreading with an act of revenge through Google Play. A new Android malware family that secretively subscribes customers to paid services has been downloaded over 3,000,000 times from the Google Play Store. The malware, known as ‘Autolycus,’ was discovered in at least eight Android apps by security researcher Evina Maxime Ingrao, two of which are still available on the Google Play Store at the time of writing.
The virus, which can read SMS messages on infected devices, is operated by enrolling victims in premium services. Here’s everything you need to know about the new malware variant, as well as tips on how to avoid future threats. Google has removed eight Android applications from its app store after discovering that they were infected with Autolycus malware.
Security researchers at Evina discovered the new variant Autolycus in the apps in June 2021. When the firm discovered that the platforms were engaging in “stealthy malicious behavior,” it reported the problem to Google. After six months, Google eventually took action last week by trying to remove the apps from its platform – but not before the malware had been installed by over 3 million Android users.
A Closer Look At the Autolycus Malware
Autolycus is a new malware threat named after Greek mythology that works by tricking victims into registering for premium services.
Many apps containing the variant asked users for permission to read SMS content upon setup, implying that the victim’s personal text messages were also vulnerable.
According to the researchers, the malware could indeed avoid detection by implementing URLs in a private browser rather than using the Android Web view. The applications were able to show their content without making an HTTP request in this manner.
How Harmful is Autolycus Malware
The malware uses personal information already stored on a user’s phone particularly, the credit/debit card information of customers which uses for subscribing to premium services available on the internet. Each of the Autolycus-containing apps also requested SMS access, ensuring that any two-factor authentication codes were obtained and used correctly. It’s always a good idea to keep an eye out for apps with poor reviews on Google Play, but many of Autolycos’ apps received positive feedback. Consider devoting extra time to checking individual reviews for bots.
Which apps were infected with malware?
The malware is still present in two apps: “Funny Camera” by KellyTech and “Keyboard & Theme”. The apps have been downloaded 500,000 and 50,000 times, respectively.
Vlog Star Video Editor, Creative 3D Launcher, Wow Beauty Camera, GIF Emoji Keyboard, Free glow Camera 1.0.0, and Coco Camera v1.1 are the other six apps that have been removed from the Play Store.
How to Avoid Getting Caught in Autolycus
Unfortunately, as cybercriminals seek innovative methods to dupe their victims, the likelihood of encountering a scam app grows. In fact, Apple eliminated over 1.6 million apps from their Mobile App in 2021 alone, with the figure expected to be even higher in 2022.
Dishonest apps may appear to have many downloads with the help of bots, making it more difficult to identify the bad actors. There are, however, a variety of ways to avoid malicious applications.
Negative customer reviews are a simple and effective way to remove bad apples. If you decide to install the app, you can then oversee your background internet data and battery capacity to look for suspicious activity.
Finally, by using a password manager to safeguard your accounts, you can add an extra layer of protection between yourself and lurking threats. With these strategies in place, the likelihood of encountering malware such as Autolycus will be greatly reduced.
