Time and again, we're reminded that even when installing Android apps directly from Google's Play Store
, contracting a malware infection is still possible. It's still the safest route (versus venturing off elsewhere and/or sideloading), but still not foolproof. Case in point, a security
researcher has sounded the alarm on a heaping handful of malicious apps discovered on the Play Store, which can secretly subscribe users to premium services.
Maxime Ingrao, a French security researchers at Evina Tech, discovered the eight offending apps all the way back in June 2021. A couple of them have been downloaded a million times, and collectively the eight malicious apps have notched 3 million installations. And because they subscribe victims to premium services on the sly, they're essentially stealing money from the pockets of Android
Ingrao told Bleeping Computer
that he notified Google
of the malicious apps when he discovered them last year, but for whatever reason, it took the company six months to remove six of them. Two of them were still available to download as of yesterday morning, but have since been yanked from the Play Store as well.
It's not clear why it took Google so long to scrub the apps from its Play Store, especially considering the high number of downloads. And while they're finally gone, it's not a moot point because those who already installed the apps could still have them on their smartphone or tablet.
Here's the full list...
- Vlog Star Video Editor: 1 million installs
- Creative 3D Launcher: 1 million installs
- Funny Camera: 500,000 installs
- Wow Beauty Camera: 100,000 installs
- Gif Emoji Keyboard: 100,000 installs
- Razer Keyboard & Theme: 50,000 installs
- Freeglow Camera 1.0.0: 5,000 installs
- Coco Camera v1.1: 1,000 installs
Funny Camera and Razer Keyboard & Theme were the two that lingered in the Play Store the longest, collectively infecting over half a million Android devices. Fortunately those are now gone as well. If you installed any of the above apps, however, you should remove them immediately.
Ingrao is calling the malware Autolycos. In addition to subscribing users to premium services that cost money, Autolycos can read SMS text messages. One of the ways it has been spreading is through scam ad campaigns on Facebook and Instagram. Ingrao says he found 74 ad campaigns for the Razer Keyboard & Theme app alone. The culprit(s) also set up several Facebook pages to promote the malicious apps.