The Free Mobile Anti-virus you are using can be a Fake!

Quick Heal Security Labs recently spotted multiple Fake Antivirus Apps on Google Play Store. What’s more alarming is that one of these fake AV Apps has already been downloaded 100000+ times. These Apps appear to be genuine Anti-virus/virus-removal Apps with names like Virus Cleaner, Antivirus security, etc., but do not have any such functionality. As per our analysis, the main purpose of these Apps is to show advertisements and increase the download count.

These Apps mimic the functionalities of a real Anti-virus App and have functions like Scan Device for Viruses. As per our analysis, these Apps don’t have any AV engines or scan capabilities except a predefined list of Apps marked as malicious or clean. This list appears to be static and we haven’t seen it getting updated during our analysis. These Fake AV Apps don’t have any functionalities related to malware scanning or identifying any other security issues. These Apps only show a fake virus detection alert to the user and eventually show advertisements.

Fig.1 – Fake Mobile AV & Virus Removal Apps

The interesting part of these applications is that they detect themselves as High Risk Applications.

Fig. 2 – Fake Mobile AV App detecting itself as High Risk Application

All these Fake AV Apps have common functionalities as mentioned below –

The Fake AV App contains predefined package lists: whiteList.json with a few whitelisted package names, blackListPackages.json with a few blacklisted package names and blackListActivities.json with a list of blacklisted activities. These lists are used for the actual scanning and to show the final scan results.

Fig. 3 – Predefined static lists of Whitelisted, Blacklisted Apps and actions

It also contains a list of predefined permissions and uses it to show risks associated with other Apps.

Fig. 4 – Predefined list of permissions

The following code snippet shows that the App checks installed package names against the predefined static whitelist. Interestingly, this is why it detects itself as a High-Risk Application: its own package name is not present in whitelist.json.

Fig. 5 – Code to parse JSON file
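
The whitelist check described above can be reproduced when triaging a suspect "antivirus" APK. This is an added example, not code from the analysed Apps or from Quick Heal; it assumes each list file is a flat JSON array of names, and the package names and `assets/` layout in the sample are constructed.

```python
import io
import json
import zipfile

# List file names reported in the article. Assumption: each file is a flat
# JSON array of names (the page does not show the actual format).
LIST_FILES = ("whiteList.json", "blackListPackages.json", "blackListActivities.json")


def find_static_lists(apk_bytes):
    """Return {file name: parsed JSON} for each bundled list file in the APK (a ZIP)."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for entry in apk.namelist():
            base = entry.rsplit("/", 1)[-1]
            if base in LIST_FILES:
                found[base] = json.loads(apk.read(entry))
    return found


def triage(apk_bytes, package_name, installed):
    """Summarise what a whitelist-only 'scan' bundled in this APK would report."""
    lists = find_static_lists(apk_bytes)
    has_whitelist = "whiteList.json" in lists
    whitelist = set(lists.get("whiteList.json", []))
    return {
        "bundled_lists": sorted(lists),
        "has_all_static_lists": set(lists) == set(LIST_FILES),
        # The verdict depends only on the package name: anything unlisted is flagged.
        "flagged": sorted(p for p in installed if p not in whitelist) if has_whitelist else [],
        # The quirk from the article: the app's own package is not whitelisted.
        "flags_itself": has_whitelist and package_name not in whitelist,
    }


def build_sample_apk():
    """Constructed sample: an in-memory ZIP laid out like an APK's assets/ folder."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("assets/whiteList.json", json.dumps(["com.example.mail", "com.example.maps"]))
        z.writestr("assets/blackListPackages.json", json.dumps(["com.example.badapp"]))
        z.writestr("assets/blackListActivities.json", json.dumps(["com.example.badapp.Popup"]))
    return buf.getvalue()


if __name__ == "__main__":
    me = "com.example.fakeav"  # hypothetical package name of the app under review
    report = triage(build_sample_apk(), me, [me, "com.example.mail", "com.example.notes"])
    print(json.dumps(report, indent=2))
```

An APK that ships all three lists and flags its own package is a strong hint that its "scan" is a name lookup rather than an engine.
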
Here is the list of Fake AV Apps reported to Google by Quick Heal Security Labs. Google has now removed these Apps from the Play Store.

Fig. 6 – IOCs

The above applications use “security” or “Antivirus” in their names but do nothing related to security. As explained above, they work only on a predefined static blacklist/whitelist of Apps and permissions. This might in turn harm the user’s mobile, because the Apps cannot detect real malware and give end users a false impression of being protected. The static blacklist/whitelist and the absence of any update mechanism confirm that these are adware disguised as Anti-Virus or security-related Apps. The download count of these applications is alarming. This shows how easy it is for a malware author to entice end users into downloading junk Apps.

Quick Heal Total Security for Mobile successfully detects these applications as –

Android.Blacklister.A (PUP) and Android.FakeAV.E (PUP).

While anything that comes FREE might be tempting, remember that FREE can also be FAKE! So, beware that you don’t fall prey to the free security software available on Play Store. Go only for trusted brands like Quick Heal when it comes to guaranteed security of your device.

How to stay safe from fake mobile apps –

1. Check an app’s description before you download it.

2. Check the app developer’s name and their website. If the name sounds strange or odd, you have every reason to suspect it.

3. Go through the reviews and ratings of the app. But, note that these can also be faked.

4. Avoid downloading apps from third-party app stores.

5. Use a reliable mobile antivirus (like Quick Heal Total Security), that can prevent fake and malicious apps from getting installed on your phone.


AbdulSalam Mohamed
1 year ago

Many of our friends make rash decisions to install anti virus applications without much thinking or carefully examining the real nature of the said applications and thereby exposing themselves to great losses and running into dire difficulties. In these circumstances the warning by Prachi is quite timely and worthwhile.
It’s high time that we should be a bit more vigilant while handling the so called ‘fishing lines’ of Antivirus software.
Prof E A Salam

Glofosnet Digital
1 year ago

Definitely agree

Sanjeev Rajan
1 year ago

Thanks for the very important information.

Mohd Aurangazeb Shah
1 year ago

Very useful

Ravi Patoliya
1 year ago

This blog is very useful. Thank you for that.

Sumit Sachdeva
1 year ago

Good

Ashok Kadam
1 year ago

Hello Prachi Taai,

Thanks for giving detailed info on Fake Antivirus applications on Google play.

Pl. recommend which Antivirus app is reliable for Android mobile, for the benefit of users.

Greeting and regards.

Ashok Kadam

Rohit
1 year ago

It’s true

suraj rajak
1 year ago

good

Vishal Patil
1 year ago

Thanks a lot to aware us…

Nirmal
1 year ago

Good protection for mobile phones.

Kuldeep Singh
1 year ago

Super

Ramesh
1 year ago

Useful information. Thanks Prachi mam.

Abhay chauhan
1 year ago

good

chandrasekhar
1 year ago

Good information.

Devi Chand Saini
1 year ago

Thanks for the news. I trust only quick heal av

Kuldeep Kumar
1 year ago

Thanks for important notice

umang vaja
1 year ago

Good

mahendra kale
1 year ago

Thank you for sharing with us very important information regarding anti virus…

Shantanu Nema
1 year ago

Absolutely true.
Before Quickheal, even I had such a fake app. It reported numerous threats daily and cleared more than 1 GB of clutter every day. Today I realized that it was a fake one, seeing it on the list: Smart antivirus and security, though I can’t find it on Google Play now.
Thanks to quickheal

Dinesh patel
1 year ago

Excellent article
I like more also publish in social media thanks for uplifting my knowledge base. Thanks entire quickheal team.
Dineshbhai Patel

SandeepGupta
1 year ago

Nice Quick heal Antivirus
