Although the Apple and Google app stores have a strong verification system against malwarewe know that there is always the possibility that one of them will get out of control.

And in times when government agencies are discussing the imposition of more openness in digital stores, it is important to always remember how systems too open may put less informed users at risk.

On the Play Store, a trojan called autolycos has been downloaded over 3 million times, hidden in apps normal for Android.

According to cybersecurity researcher Maxime Ingraothe malware was freely active in 8 apps of the most varied types (camera filters, vlog editors, virtual keyboards, etc.).

Once on the victim’s device, these apps enroll the user without consent in bogus paid services.

They can act in a hidden way, without the web pages being visible on the screen and also request access to read SMS.

The 8 programs in question (all for Android) are:

Vlog Star Video Editor (+1 million downloads)

Creative 3D Launcher (+1 million downloads)

Wow Beauty Camera (+100,000 downloads)

Gif Emoji Keyboard (+100,000 downloads)

Razer Keyboard & Theme (+10,000 downloads)

Funny Camera (+500,000 downloads)

Freeglow Camera (+5,000 downloads)

Coco Camera (+1,000 downloads)

Those were the discovered. Nothing guarantees that they do not exist others of the same type that continue to act in the Google store and have not yet been detected.

And the cheat is very well done. The creators of autolycos mounted numerous advertising campaigns on social networks to spread their infected applications.

The researcher explains that he identified more than 70 ads on Facebook and Instagram just for the app “Razer Keyboard & Theme“.

To further deceive potential victims, the app’s ratings on the Play Store were forged with the help of robots that multiply 5-star ratings.

And if you think this is something new, you are wrong.

The problem was discovered in June 2021 before being notified to Google. And despite being warned, the company was not so efficient in the solution, as it took more than 6 months to delete infected apps from your store. And two of them are still available on the Play Store.

That after a year of malware discovery. Congratulations, Google.

Knowing these stories is important for iPhone (and even Android) users to remember two things:

Digital systems are not 100% infallible and no matter how much you try to shield them, there is always the possibility of finding a loophole. Too “open” systems, despite giving the user more freedom, also put him more at risk.

If this happens inside an official store, what about the possibility of installing apps outside the App Storeas the European parliament wants to impose on the iPhone.

Let’s see if Europe can level users of iPhone and Android, placing them in the same “security” conditions that exist today in the Google system…