A New Malware Is Making Its Rounds Across Android Via Google Play, Infecting Millions Of Individual Users

Yet another malware has been uncovered on Android, making its way through smartphones and other devices via the Google Play store.

Malware has become a lasting nuisance across app stores in general, but they seem to spread via Google Play with some manner of vehement vengeance. Is it because perhaps Google keeps making a big show of issuing stricter guidelines and app store policies, yet fails to truly enforce them in any significant way? No, not at all, it’s just that catching sneaky indie developers working from a laptop is too hard for arguably the biggest tech conglomerate there is. I’d of course be more forgiving of Google, since looking for malware inside the Play store is like finding a needle in a haystack, if not for just how much this particular instance has permeated the Android userbase.

This fun little cyber-gizmo, named Autolycus, has been downloaded by unsuspecting individuals over 3 million times. Well, that number elicits nothing more than the quietest “yikes”, since there’s little else to offer in terms of contribution. Those are numbers the average dev living on two part-time jobs wishes they had. Imagine learning C++ for some complicated project, only for the malware guy to get 3 million downloads first.

Autolycus was first found out by Maxime Ingrano, a researcher at the cybersecurity firm Evina. They identified eight separate applications that were harboring the malware. As a result of her publications, Google took decisive action and quickly removed…six of them. Well, maybe they’re taking their time with the app takedowns and savoring the process. In previous similar examples, Google did remove all harboring entities, but would rarely ever do so in quick succession, taking their time to assess and whatnot. Which makes sense; always better to recheck your homework, especially when someone else does it for you.

So, how harmful is Autolycus and what does it do to your phone? Well, we can answer the first query by answering the second query: the malware is essentially an overenthusiastic door-to-door salesman of sorts. By overenthusiastic, I mean illegal, of course; the malware utilizes personal information that’s already added to one’s phone (specifically credit/debit card information) and uses it to subscribe users to premium services across the internet. Each of the apps containing Autolycus also asked for SMS access, which ensured that any two-factor authentication codes would be acquired and used accordingly.

It’s always best to keep one’s eye out for apps poorly reviewed on Google Play, but many of Autolycos’ apps were well reviewed. Consider investing the extra time in examining individual reviews for bots.


Read next: Remote working is still a big challenge for companies, especially when it comes to cyber security
Previous Post Next Post