Android malware have often been found propagating via the Google Play Store. One such malware has been identified recently, which has already been installed over three million times.

Diving into details

Named Autolycos, the malware was present in at least eight Android applications on the Play Store. The applications have been listed below:
  • Vlog Star Video Editor - 1 million downloads
  • Creative 3D Launcher - 1 million downloads
  • Funny Camera - 500,000 downloads
  • Wow Beauty Camera - 100,000 downloads
  • Gif Emoji Keyboard - 10,000 downloads
  • Razer Keyboard & Theme - 50,000 downloads
  • Freeglow Camera 1.0.0 - 5,000 downloads
  • Coco Camera v1.1 - 1,000 downloads

The researcher, Maxime Ingrao, discovered the apps in June 2021 and reported his findings to Google. It took the tech giant six months to remove six and the rest two were removed recently.

About Autolycos

  • Autolycos is a stealthy malware that can execute URLs on a remote browser and incorporate the result in HTTP requests instead of Webview. This ensures that the activities go unnoticed and are not detected by the victims.
  • The malware family promoted its apps to infect new users with various social media campaigns. 
  • It, furthermore, made several bot reviews that are seemingly legitimate to new users.

More Android malware on Play Store

  • Earlier this month, Pradeo spotted four malicious apps deploying the Joker malware and serving as droppers on Google Play Store. 
  • These apps have been installed by over 100,000 users.
  • Some other apps were found embedding the Facestealer and Coper malware. The former allows the attacker to pilfer Facebook credentials and authentication tokens. The latter is a banking trojan.

The bottom line

The foremost advice is to download software from only verified sources, although Play Store is not totally averse to cyberthreats. Android users are recommended to monitor data and battery consumption, enable Play Protect, and reduce the number of apps installed. Moreover, enable antivirus solutions and firewalls.
Cyware Publisher