New Google Play Malware Has Been Downloaded Over 3 Million Times

At the time of writing, two malicious apps "Funny Camera" and "Razer Keyboard & Theme" are still at large.

A new malware variant named “Autolycos” has already been downloaded by over 3 million unsuspecting Android users on the Google Play store.

Security researchers at Evina recently found the malware lurking in at least eight apps — two of which are still live at the time of writing.

The virus, which is able to access SMS messages on compromised devices, worked by signing targets up to premium services. Here’s everything you need to know about the new malware variant, and some advice on how to dodge similar threats in the future.

New Android Malware Has Been Downloaded Over 3 Million Times

Google just blocked eight Android apps from its app store, after finding out they were infected with a malicious malware called Autolycus.

The apps were first discovered to contain the new variant Autolycus back in June 2021 by security researchers at Evina. After realizing that the platforms were performing “stealthy malicious behavior,” the firm reported the issue to Google.

After six long months, Google finally took action this week by removing the apps from its platform – but not before the malware was installed by over 3 million Android users.

Autolycus: a closer look

With its name deriving from Greek mythology, Autolycus is a new malware threat that works by tricking victims into signing up for premium services.

Many apps containing the variant requested users’ permission to read SMS content upon installation, meaning that the victim’s private text messages were likely to be compromised too.

According to the security researchers, the malware is able to evade detection by executing URLs on a private browser instead of using the Android Webview. This way, the applications were able to display their content without performing an HTTP request.

The Autolycus-infected apps were advertised on social platforms like Facebook. The total number of online ads is unknown, but the social campaign appeared to be pretty widespread with Evina counting 74 for the Razer Keyboard & Theme alone.

Which Apps Contained the Malware?

The two apps still containing the malware are “Funny Camera” by KellyTech, and “Keyboard & Theme” by rxcheldiolola. The apps have received 500,000 and 50,000 installations respectively.

The other six apps that have since been removed from the Play Store include Vlog Star Video Editor, Creative 3D Launcher, Wow Beauty Camera, Gif Emoji Keyboard, Freeglow Camera 1.0.0 and Coco Camera v1.1.

How to Avoid Getting Caught Out

Unfortunately, as cybercriminals look for new ways to dupe their victims, the chances of stumbling on a scam app are only increasing. In fact, Apple removed over 1.6 million apps from their App Store in 2021 alone, and their figures for 2022 are expected to be even higher.

With the help of bots, untrustworthy apps may appear to have a large number of downloads too, making it harder to spot the bad actors. However, there are still a number of ways to avoid malicious applications.

Looking out for negative customer reviews is a simple and effective way to weed out bad eggs. Then, if you decide to download the app, you can monitor your background internet data and battery consumption to keep an eye out for suspicious activity.

Finally, by using a password manager to protect your accounts, you can provide an extra layer of defense between you and lurking threats. Bearing these strategies in mind, the chance of encountering malware like Autolycus will be drastically reduced.

Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at

Written by:
Isobel O'Sullivan (BSc) is a senior writer at with over four years of experience covering business and technology news. Since studying Digital Anthropology at University College London (UCL), she’s been a regular contributor to Market Finance’s blog and has also worked as a freelance tech researcher. Isobel’s always up to date with the topics in employment and data security and has a specialist focus on POS and VoIP systems.
Explore More See all news
Back to top
close Thinking about your online privacy? NordVPN is's top-rated VPN service See Deals