Bad apps are infected malware which Register users with premium services without knowing they have been downloaded more than three million times from the Google Play Store.
According to the report of BleepingComputer (opens in a new tab)A new family of malware named ‘Autolycos’ has been detected in eight popular Android apps by security researcher Maxime Ingrao from cybersecurity firm Evina.
Although Ingrao first found these malicious apps last June and reported his findings to Google, it took the search giant six months to remove six of the apps in question. access and the last two were only recently taken down.
When bad apps break through Google’s defenses
All malicious apps detected by Ingrao entice users to download by providing additional functionality to their camera or keyboard. Combined, they have been downloaded more than three million times.
Although all these bad apps have now been removed from the Play Store, if you have installed any of them on your Android smartphone, they can still work in the background and register for you premium subscription services. Many of them also require access to read your SMS messages, which some users may have allowed.
Here is the full list of Autolycos malware infected apps along with the number of times they have been downloaded:
- Vlog Star Video Editor – 1 million or more
- Creative 3D Launcher – 1 million or more
- Funny camera – 500,000+
- Wow Beauty Camera – 100,000+
- Gif . Emoji Keyboard – 100,000+
- Razer Keyboard & Themes – 50,000+
- Freeglow Camera 1.0.0 – More than 5,000 yen
- Coco Camera v1.1 – 1,000+
Surprisingly, the creators of Autolycos have also paid for several ad campaigns across multiple social media platforms to promote their malicious apps. For example, there were 74 different Facebook ad campaigns promoting the Razer Keyboard & Themes app exclusively, according to Ingrao.
How to stay safe from malicious Android apps
Even if Google works around the clock to remove bad apps on Play Store, some still managed to slip through the cracks. For this reason, you should always exercise caution when downloading new apps, even if they come from official sources like the Play Store, Amazon App Store, or Samsung Galaxy App Store. This is even worse when downloading and installing apps as APK files from unofficial sources.
While looking at reviews is something you should always do before downloading any app, they can be misleading, especially if they’re written by bots. In the case of Autolycos infected apps, popular apps had more negative reviews from real users, while less downloaded apps still had high ratings due to bots.
Next, you should always consider carefully and think carefully when grant permission for Android applications. Not every app needs to access your local storage, contacts, or messages. Luckily, Google now automatically removes permissions for apps you haven’t used in a while to keep you safer.
Finally, you want to turn on Google Play Protect and stay active on your Android smartphone as the service checks your device for potentially harmful apps and scans any apps for malware and suspicious activity before you download.
Next: This is the new reason iPhone 14 Pro could be a big failure.