One of the main reasons Google recommends that Android users download apps from the Play Store is the review process and security measures it has put in place. These measures and systems are designed to prevent malware from making it past Google’s reviews, but from time to time, something does slip through the cracks.
In this case, a new malware called Autolycos has been discovered by Evina’s security researcher Maxime Ingrao. The malware hides within Android apps and secretly subscribes users to premium services, running up a bill that they might not notice unless they check their subscriptions or credit cards.
To make things worse, it seems that this malware has been installed over 3 million times to date. Ingrao told BleepingComputer that the malware was actually discovered back in June 2021 and was reported to Google, but it took the company at least half a year to remove some of the offending apps, and two apps that contain the malware remain on the Play Store at the time of writing.
According to BleepingComputer, these are the apps that contain the malware. If you happen to have installed any of them, you’ll want to remove them from your device ASAP and check your subscriptions and credit cards to make sure that you weren’t charged.
- Vlog Star Video Editor (com.vlog.star.video.editor) – 1 million downloads
- Creative 3D Launcher (app.launcher.creative3d) – 1 million downloads
- Wow Beauty Camera (com.wowbeauty.camera) – 100,000 downloads
- Gif Emoji Keyboard (com.gif.emoji.keyboard) – 100,000 downloads
- Freeglow Camera 1.0.0 (com.glow.camera.open) – 5,000 downloads
- Coco Camera v1.1 (com.toomore.cool.camera) – 1,000 downloads
Source: BleepingComputer