top of page

Malicious Android applications discovered in the Play Store

Malicious mobile applications have been found and removed from the Google Play store following urgent warnings across the security community.

Cybersecurity researchers from ThreatLabz recently reported detecting three different malware families hiding in a multitude of apps that between them have had more than 300,000 downloads.

A further report last week warned of a new Android malware family that secretly subscribes users to premium services which was downloaded over 3,000,000 times.

The malware, named 'Autolycos,' is said to be in at least eight Android applications. The two applications with the highest downloads include 'Funny Camera', which has over 500,000 installations, and 'Razer Keyboard & Theme' which has over 50,000 installations.

The increased use of mobile devices has resulted in an uptake in mobile malware. Smartphones provide a convenient and accessible way of communicating, sharing, and obtaining information and can often hold a wealth of sensitive information, making them an attractive target for threat actors globally.

The malware families identified in malicious applications and removed from the Google Play Store have been dubbed Joker, Facestealer, and Coper.

In particular, Joker is a significantly advanced piece of mobile malware, capable of stealing sensitive information, SMS messages, call lists, and contacts from the devices, as well as applying unauthorised charges to their mobile numbers. It was reported that 50 applications trojanised with Joker collectively account for over 300,000 downloads on the Play Store.

Masquerading applications is a popular technique used by threat actors to gain initial access into the device.

A list of Autolycos malware-infected applications have also been reported which include Vlog Star Video Editor, Creative 3D Launcher, Wow Beauty Camera, Gif Emoji Keyboard, Freeglow Camera 1.0.0 and Coco Camera v1.1.

Although all of the applications identified in this article have been removed from the Play Store, those still using these apps will need to remove them and perform a device clean-up to prevent further malicious activities.

There are several ways of initial access for mobile malware including masquerading applications as highlighted in this report and SMS phishing. Understanding and educating personnel on these techniques can help prevent and detect possible successful malware infections.



Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).



The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.


EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page