Android is one of the malware-prone operating systems. Despite Google’s safety measures in place, Android devices getting malware or getting compromised is not something completely unheard of. Now, a malware named Autolycos has made its way to the Google Play Store and is found to be bundled with eight popular apps on the Play Store, resulting in over 3 million downloads.
The malware named Autolycos was discovered by security researcher Maxime Ingrao and was first reported on by Bleeping Computer. The malware has been found to be present in at least eight Android apps, all of which have been taken down by Google now. According to reports, it took Google six months to take down these eight applications from the initial acknowledgement of the report.
The malware words by executing URLs on a remote browser and inject it on HTTP requests instead of loading an external WebView. It also requests permission to read SMS content, so that the infected apps can also see your text messages, meaning attackers can potentially steal sensitive information like banking details or one-time passwords (OTP).
The malicious apps were widely promoted on social media where it reaches the user via ad campaigns. The apps that have been infected offer things like keyboard themes, launcher apps, camera apps with filters, and the likes. Two of the eight apps that have been found to be infected had more than a million downloads each. Here are the eight apps that have been found to have the malware on Google Play Store:
- Vlog Star Video Editor (1 million downloads)
- Creative 3D Launcher (1 million downloads)
- Wow Beauty Camera (100,000 downloads)
- Gif Emoji Keyboard (100,000 downloads)
- Razer Keyboard & Theme (10,000 downloads)
- Freeglow Camera 1.0.0 (5,000 downloads)
- Coco Camera v1.1 (1,000 downloads)
If you have downloaded any of these, the first thing to do is to uninstall the app immediately. Further, users can go into their file explorer and search with the app’s name. If they find a folder or any file related to the app, you should delete that, and reboot your smartphone once done. Users are also advised to not download apps that they see on social media ads, unless it is from a well known developer.