Three million Android users may have lost money and had their devices infected by spyware, after the discovery that the official Google Play store has been distributing apps infected by a new family of malware.

French security researcher Maxime Ingrao described last week on Twitter how he had discovered the new malware, named “Autolycos”, and how it signs up users to premium services.

The Autolycos malware, which shares similarities to the Joker spyware, spies on SMS messages, contact lists, and device information, and subscribes unsuspecting users to expensive wireless application protocol (WAP) services.

Affected apps include Funny Camera by KellyTech (which has been installed over 500,000 times from the Google Play Store) and Razer Keyboard & Theme by rxcheldiolola (more than 50,000 installs).

Other malicious apps, which have since been removed from the Google Play Store, include:

  • Vlog Star Video Editor (1 million installs)
  • Creative 3D Launcher (1 million installs)
  • Wow Beauty Camera (100,000 installs)
  • Gif Emoji Keyboard (100,000 installs)
  • Freeglow Camera (5,000 installs)
  • Coco Camera v1.1 (1,000 installs)

According to Ingrao, some of the malicious apps have been promoted to the public via Facebook and Instagram ads.

Ingrao says that Autolycos-poisoned apps have been available on the official Android marketplace since June 2021, during which time they have been installed over three million times, but they have only recently been pulled by Google. Questions will inevitably be asked whether Google is doing a good enough job of checking apps that are made available via its marketplace to many millions of users.

As we have mentioned before, there are steps all Android users should be taking to reduce the chances of encountering malware. These include:

  • Keep your Android device up-to-date with the latest official security patches.
  • Turn on Google Play Protect – Google’s built-in malware protection for Android, which (Read more...)