Three million+ Android users must delete these apps after Google left them lurking in the Play Store
We may earn a commission if you make a purchase from the links on this page.
A horribly widespread new mobile security threat has been discovered and made public, and as much as Google might generally insist that it's doing its best to keep your money and data protected, that's definitely not what happened in this particular case.
Dubbed "Autolycos" by the cybersecurity expert who made the alarming but oh-so-familiar discovery more than a year ago (!!!), the virus acts in an insidious way reminiscent of the Joker malware that's been regularly in the news for the last few years, stealing money from millions and millions of unsuspecting Android users.
The threat, the list, and the eye-popping numbers
Unfortunately, the number of potential Autolycos victims jumped in the millions as well as the months went by and Google did nothing to thwart this new fleecing scheme. Although the search giant was purportedly made aware of the existence of eight malicious apps in the official Play Store early on, it took roughly six months for six of these titles to disappear, with the final two only going away this Thursday.
While it's impossible to know exactly how many users had their Android devices infected and their bank accounts drained as a direct result of Google's tardiness in dealing with this situation, it feels safe to assume that the apps listed below would have never reached those impressive download figures if they were kicked out (much) earlier:
- Vlog Star Video Editor - 1 million+
- Creative 3D Launcher - 1 million+
- Funny Camera - 500,000+
- Wow Beauty Camera - 100,000+
- Gif Emoji Keyboard - 100,000+
- Razer Keyboard & Theme - 50,000+
- Freeglow Camera 1.0.0 - 5,000+
- Coco camera v1.1 - 1,000+
All in all, Evina's Maxime Ingrao estimates this malware-spreading campaign impacted more than three million devices, subscribing the owners of said Androids to bogus "premium" services without their knowledge or authorization. Many of those users might still be paying for "subscriptions" they don't want, need, or even have any idea about.
Protection is everything
As always, you are advised to check the list of apps installed on your phone or tablet and delete any and all titles confirmed as malicious on sight. For the future, you should be extra careful what you download in the first place, browsing through user reviews in search for obvious red flags like a low average score or many (fake) 5-star ratings combined with many (potentially real) 1-star grades.
In terms of privacy-protecting and security-enhancing tools, ExpressVPN remains your best friend, especially with a risk-free 30-day money-back guarantee. Meanwhile, Google is clearly not to be relied on to offer you the most basic degree of protection against the most obvious threats, so the best course of action is generally to assume you're on your own.
These are all Facebook ads for a malicious Android app.
Also, try to avoid overhyped and overpromoted apps on Facebook, Instagram, and other social media platforms, which seem to be the favorite places for many bad actors behind shady operations of this sort to find their victims. Unfortunately, social networking giants don't have your back either, rarely checking what kind of apps and products are advertised to their users.
Because the "Autolycos" malware was found to be extremely crafty and discreet in its harmful actions, accessing among others a user's text messages without permission, there's a very good chance the above list of compromised Android apps will rapidly grow before long. Hopefully, with negative media attention on the company (again), Google will ramp up its virus-fighting and especially virus-deleting efforts.
Things that are NOT allowed: