Malicious mobile applications have been found and removed from the Google Play store following urgent warnings across the security community.

Cybersecurity researchers from ThreatLabz recently reported detecting three different malware families hiding in a multitude of apps that between them have had more than 300,000 downloads.

A further report last week warned of a new Android malware family that secretly subscribes users to premium services which was downloaded over 3,000,000 times.

The malware, named 'Autolycos,' is said to be in at least eight Android applications. The two applications with the highest downloads include 'Funny Camera', which has over 500,000 installations, and 'Razer Keyboard & Theme' which has over 50,000 installations.

The increased use of mobile devices has resulted in an uptake in mobile malware. Smartphones provide a convenient and accessible way of communicating, sharing, and obtaining information and can often hold a wealth of sensitive information, making them an attractive target for threat actors globally.

The malware families identified in malicious applications and removed from the Google Play Store have been dubbed Joker, Facestealer, and Coper.

In particular, Joker is a significantly advanced piece of mobile malware, capable of stealing sensitive information, SMS messages, call lists, and contacts from the devices, as well as applying unauthorised charges to their mobile numbers. It was reported that 50 applications trojanised with Joker collectively account for over 300,000 downloads on the Play Store.

Masquerading applications is a popular technique used by threat actors to gain initial access into the device.

A list of Autolycos malware-infected applications have also been reported which include Vlog Star Video Editor, Creative 3D Launcher, Wow Beauty Camera, Gif Emoji Keyboard, Freeglow Camera 1.0.0 and Coco Camera v1.1.

Although all of the applications identified in this article have been removed from the Play Store, those still using these apps will need to remove them and perform a device clean-up to prevent further malicious activities.

There are several ways of initial access for mobile malware including masquerading applications as highlighted in this report and SMS phishing. Understanding and educating personnel on these techniques can help prevent and detect possible successful malware infections.

Reporting

Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to report@phishing.gov.uk. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).