A terribly widespread new threat to mobile security is discovered and made publicand as much as Google can generally insist that it does its best to protect your money and data, but that certainly didn’t happen in this particular case.
The threat, the list and the dazzling numbers
Unfortunately, the number of potential Autolycos victims jumped into the millions and months went by, and Google did nothing to thwart this new flea plan. While the search giant was reportedly aware of the existence of eight malicious apps in the official Play Store early on, it took about six months for six of these titles to disappear, with the last two disappearing only this Thursday.
- Vlog Star Video Editor – 1 Million+
- Creative 3D Launcher – 1 Million+
- Funny Camera – 500,000+
- Wow Beauty Camera – 100,000+
- Gif Emoji Keyboard – 100,000+
- Razer Keyboard & Theme – 50,000+
- Freeglow Camera 1.0.0 – 5,000+
- Coco Camera v1.1 – 1,000+
All in all, Evina’s Maxime Ingrao estimates that this malware-spreading campaign affected more than three million devices, with the owners of said Androids subscribing to fake “premium” services without their knowledge or consent. Many of those users may still be paying for “subscriptions” that they don’t want, need, or even have any idea about.
Protection is everything
As always, you are advised to check the list of apps installed on your phone or tablet and remove all titles that have been confirmed as malicious. Going forward, be extra careful with what you download, browsing user reviews looking for obvious red flags like a low average score or lots of (fake) 5 star ratings combined with lots of (potentially true) 1 star degrees.
These are all Facebook ads for a malicious Android app.
Also, try to avoid over-hyped and over-promoted apps on Facebook, Instagram and other social media platforms, which seem to be the favorite spots for many bad actors behind these kinds of shady operations to find their victims. Unfortunately, social networking giants are also not behind you and rarely monitor what kind of apps and products are offered to their users.
Since the “Autolycos” malware has proven to be extremely cunning and discreet in its malicious actions, including accessing a user’s text messages without permission, chances are the above list of compromised Android apps will soon will grow. Hopefully, with (again) negative media coverage of the company, Google will ramp up its virus-fighting and especially virus-removing efforts.