Android Security Flickr Reuse

While Android can lack security, Google works hard to ensure the platform its safe for users. Google often points out that compromised security on Android is because of OEMs changing the OS for their own devices. Maybe, but Android also faces security risks from apps because of the open nature of the platform.

Google often cleans house to ensure nefarious apps stay off the Google Play Store. Even so, some apps slip through the net and cause damage. For example, eight apps that Google has now removed, but not before they were already downloaded a total of 3 million times.

According to security researcher Maxime Ingrao of cybersecurity firm Evina, a new variant of  spyware similar to the Joker malware was spread through the eight offending apps. Known as Autolycos, the malware will automatically subscribe users to a spyware service as well as gain access to their SMS messages.

Advertisement

By automatically signing users up to a premium service, people can be paying for something without knowing about it. Known as fleeceware, this type of attack is dangerous for customers who integrate their payments on Android.

Offending Apps

According to Ingrao, the 8 apps use the variant Autolycos and have already been downloaded millions of times since arriving on the Google Play Store in June 2021. Yes, the apps have been up for over a year.

The eight apps in which Ingrao found Autolycos are:

  • Vlog Star Video Editor (com.vlog.star.video.editor) – 1 million downloads
  • Creative 3D Launcher (app.launcher.creative3d) – 1 million downloads
  • Wow Beauty Camera (com.wowbeauty.camera) – 100,000 downloads
  • Gif Emoji Keyboard (com.gif.emoji.keyboard) – 100,000 downloads
  • Freeglow Camera 1.0.0 (com.glow.camera.open) – 5,000 downloads
  • Coco Camera v1.1 (com.toomore.cool.camera) –  1,000 downloads
  • Funny Camera by KellyTech –  500,000 downloads
  • Razer Keyboard & Theme by rxcheldiolola – 50,000 downloads.

It is worth noting Ingrao found these apps back in July 2021 and promptly told Google. However, the company took six months to remove six of them, with the last two getting taken down on July 13 2022.

Tip of the day: Tired of Windows´s default notification and other system sounds? In our tutorial we show you how to change windows sounds or turn off system sounds entirely.

Advertisement