MumbaI: Quick Heal Security Labs recently spotted multiple fake anti-virus (AV) apps on Google Play Store. What’s more alarming, is that one of these fake AV apps has been downloaded more than 100000 times already.
These fake applications appear to be genuine anti-virus/virus-removal apps with names like Virus Cleaner, Antivirus security, etc., but do not have any such functionality. The main purpose of these apps is to show advertisements and increase the download count.
These apps mimic the functionalities of a real anti-virus app and have functions like “Scan Device for Viruses,” but they don’t have any AV engines or scan capabilities except a predefined list of apps marked as malicious or clean.
This list appears to be static and doesn’t appear getting updated. These fake AV apps don’t have any functionalities related to malware scanning or identifying any other security issues. They only show a fake virus detection alert to the user and eventually show advertisements, according to Quick Heal analysis.
All these fake AV apps have common functionalities as mentioned below –
The fake AV App contains predefined package lists, like whiteList.json with few whitelist package names, blackListPackages.json with few blacklist package names and blackListActivities.json with a list of blacklisted activities. This list is used for actual scanning and to show final scan results. It also contains a list of predefined permissions and uses it to show risks associated with other apps. It checks installed package names against the pre-defined static whitelists.
Interestingly, this is the reason why it detects itself as high-risk application because its own package name is not present in whitelist.json.
Above applications disguise as “security” or “Antivirus” in their name and do nothing related to Security. As explained above, they work only on a pre-defined static Blacklist/Whitelist of Apps and permissions. This might in-turn harm user’s mobile because they don’t have any capabilities to detect real malware and give a false impression of being protected to the end users.
This static set of Blacklist/Whitelist and absence of any update mechanism, confirms that these are Adwares disguised as an Anti-Virus or security related app. The download count of these applications is alarming. This shows how easy it is for a malware author to entice end users into downloading junk Apps.
Quick Heal Total Security for Mobile successfully detects these applications as – Android.Blacklister.A (PUP) and Android.FakeAV.E (PUP).
While, anything that comes FREE might come across as a temptation for you to buy, remember that FREE can also be FAKE! So, beware that you don’t fall prey to the free security software available on Play Store. Go only for trusted brands like Quick Heal when it comes to guaranteed security of your device.
How to stay safe from fake mobile apps –
- Check an app’s description before you download it.
- Check the app developer’s name and their website. If the name sounds strange or odd, you have all the reasons to suspect it.
- Go through the reviews and ratings of the app. But, note that these can also be faked.
- Avoid downloading apps from third-party app stores.
- Use a reliable mobile antivirus that can prevent fake and malicious apps from getting installed on your phone.