Malware-Infested Apps Removed from Google Play Store
Three million Android users may have had their devices infected by spyware and lost money by downloading infected apps from the Google Play store.
French security researcher Maxime Ingrao announced on Twitter how he discovered the new malware that has been infecting apps in the Google Play Store. The malware, named “Autolycos”, signs up users to premium services.
Autolycos spies on user SMS messages, contact lists, and device information, and subscribes unsuspecting users to expensive wireless application protocol (WAP) services.
Some of the infected Google Play store apps that have been affected include Funny Camera by KellyTech and Razer Keyboard & Theme by rxcheldiolola. These apps have 500,000 and 50,000 installs respectively.
Ingrao said that some of the maliciously infected apps have been promoted to users via Facebook and Instagram ads.
Ingrao continued that the apps that have been infected by the Autolycos malware have been available on the Google Play store since June 2021 and have been installed over 3 million times. It is only recently that these malicious apps have been pulled from the store by Google. Inevitably, Google will be questioned on whether or not the company is doing a good enough job checking the apps that are being made available in their store.
To reduce the chance you may encounter malware, consider these measures:
Keep your Android device up-to-date with the latest official security patches.
Turn on Google Play Protect – Google’s built-in malware protection for Android, which automatically scans your device.
Download your apps from official sources, such as the Google Play Store – not unofficial app stores. This wouldn’t have helped in this particular case, but as a general rule the Google Play Store is considered safer than third-party marketplaces.
Check reviews of apps before downloading them, although bear in mind that there have been instances where criminals have posted bogus reviews in an attempt to dupe users into trusting that an app can be considered safe.
Think carefully about whether you should accept the permissions an app requests upon installation.
Consider running an anti-virus program from a legitimate security firm on your Android device.
Story via Tripwire