Removed Android malware from Google Play with 3 million installs

IT security researcher Maxime Ingrao discovered Android malware hidden in eight apps that together had around three million installations. The malware signed victims up for premium services and thus defrauded them. Ingrao named the malware Autolycos. Google has since removed the apps from the store.

Ingrao explains that Autolycos does without a WebView in order to minimize its footprint and thus the risk of discovery. Instead, the malware requests URLs directly via HTTP; it receives their addresses from the command-and-control (C2) servers as JSON. In some cases, the browser runs on the C2 servers, which then return only the results.

The malware authors concealed the malicious functions so well that Google’s automated analysis systems did not notice them. Following the notification, the apps are no longer available. Google Play Protect should also have removed them from affected devices.

Ingrao goes on to explain that the masterminds behind the malware even advertised the malicious apps. The scammers created Facebook pages for the apps and promoted them on both Facebook and Instagram.

The Android malware arrived on the phone with the following eight apps:

  • Creative 3D Launcher (app.launcher.creative3d), more than a million downloads
  • Vlog Star Video Editor (com.vlog.star.video.editor), more than a million downloads
  • Funny Camera by KellyTech (com.okcamera.funny), more than 500,000 downloads
  • Gif Emoji Keyboard (com.gif.emoji.keyboard), more than 100,000 downloads
  • Wow Beauty Camera (com.wowbeauty.camera), more than 100,000 downloads
  • Razer Keyboard & Theme by rxcheldiolola (com.razer.keyboards), more than 10,000 downloads
  • Freeglow Camera (com.glow.camera.open), more than 5,000 downloads
  • Coco Camera (com.toomore.cool.camera), more than 1,000 downloads

To be on the safe side, Android users should check whether any of these apps are present on their device and remove them. They should also activate the Google Play Protect service if it has been deactivated, so that apps identified as harmful can be deleted from the smartphone automatically.
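One way to run that check over `adb` is sketched below. This is an added example, not code from the article or from Ingrao; it assumes `adb` is installed and USB debugging is enabled, and the names `find_autolycos` and `sample_listing` are made up for illustration.

```shell
#!/bin/sh
# Package names of the eight apps listed in the article.
AUTOLYCOS_PKGS="app.launcher.creative3d
com.vlog.star.video.editor
com.okcamera.funny
com.gif.emoji.keyboard
com.wowbeauty.camera
com.razer.keyboards
com.glow.camera.open
com.toomore.cool.camera"

# find_autolycos: reads `pm list packages` output on stdin and prints each
# listed package that is installed, one per line.
find_autolycos() {
    # adb may end lines with CR; every entry carries a "package:" prefix.
    # -x -F matches whole lines as fixed strings, so a different app such as
    # "com.razer.keyboards.pro" is not reported as a hit.
    tr -d '\r' | sed 's/^package://' | grep -x -F -e "$AUTOLYCOS_PKGS" | sort -u
}

# Constructed sample listing (not real device output), used when no device
# is scanned. It contains two listed apps and one look-alike name.
sample_listing() {
    printf 'package:com.android.chrome\r\n'
    printf 'package:com.okcamera.funny\r\n'
    printf 'package:com.razer.keyboards.pro\r\n'
    printf 'package:com.glow.camera.open\r\n'
}

# "scan" queries the connected device; anything else uses the sample.
case "${1:-demo}" in
    scan) listing=$(adb shell pm list packages) ;;
    *)    listing=$(sample_listing) ;;
esac

hits=$(printf '%s\n' "$listing" | find_autolycos)
if [ -n "$hits" ]; then
    # One line per hit; remove with: adb uninstall <package>
    printf 'Listed app installed, remove it: %s\n' $hits
else
    echo "None of the eight listed apps found."
fi
```

Run it with the argument `scan` to query a connected device; without arguments it only processes the constructed sample.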
