The threat, the list, and the eye-popping numbers
Unfortunately, the number of potential Autolycos victims jumped in the millions as well as the months went by and Google did nothing to thwart this new fleecing scheme. Although the search giant was purportedly made aware of the existence of eight malicious apps in the official Play Store early on, it took roughly six months for six of these titles to disappear, with the final two only going away this Thursday.
- Vlog Star Video Editor – 1 million+
- Creative 3D Launcher – 1 million+
- Funny Camera – 500,000+
- Wow Beauty Camera – 100,000+
- Gif Emoji Keyboard – 100,000+
- Razer Keyboard & Theme – 50,000+
- Freeglow Camera 1.0.0 – 5,000+
- Coco camera v1.1 – 1,000+
All in all, Evina’s Maxime Ingrao estimates this malware-spreading campaign impacted more than three million devices, subscribing the owners of said Androids to bogus “premium” services without their knowledge or authorization. Many of those users might still be paying for “subscriptions” they don’t want, need, or even have any idea about.
Protection is everything
As always, you are advised to check the list of apps installed on your phone or tablet and delete any and all titles confirmed as malicious on sight. For the future, you should be extra careful what you download in the first place, browsing through user reviews in search for obvious red flags like a low average score or many (fake) 5-star ratings combined with many (potentially real) 1-star grades.
These are all Facebook ads for a malicious Android app.
Also, try to avoid overhyped and overpromoted apps on Facebook, Instagram, and other social media platforms, which seem to be the favorite places for many bad actors behind shady operations of this sort to find their victims. Unfortunately, social networking giants don’t have your back either, rarely checking what kind of apps and products are advertised to their users.
Because the “Autolycos” malware was found to be extremely crafty and discreet in its harmful actions, accessing among others a user’s text messages without permission, there’s a very good chance the above list of compromised Android apps will rapidly grow before long. Hopefully, with negative media attention on the company (again), Google will ramp up its virus-fighting and especially virus-deleting efforts.