Friday, November 1, 2024
HomeAdware35 Malicious Anti-Virus Apps Discovered in Google Play store that Affected 6...

35 Malicious Anti-Virus Apps Discovered in Google Play store that Affected 6 Million Users

Published on

Malware protection

Researchers discovered 35 Malicious Android-based Anti-virus apps from Google Play store and the apps were downloaded and installed by more than 6 Million users around the world.

Many of the apps fall under this Antivirus apps list that has flying under the radar for several years and infecting millions of user without let knowing them.

These Apps are posed as legitimate antivirus removal software, but it performs various malicious activities such as pop up unwanted ads, ineffective pseudo-security and stealing the user’s mobile data.

- Advertisement - SIEM as a Service

Attackers are making these apps to be installed via fake downloads by bots that help to post a positive review and gaining the reputation in order to increase the downloads counts.

These apps are quite often detecting legitimate apps as malicious and also it mimics the basic security functions that existing in the original Antivirus apps.

Also, it generates a false security alarm in the victims mobile and forces them to perform clicks and gaining the permission of other apps.

According to ESET Analysis, among these 35 apps, only a handful stand out for their specific features: one app is not completely free as it offers a paid upgrade; one app has implemented a primitive, easily bypassed, app-locker manager; another app flags other apps from this group as dangerous by default; and finally, one misuses ESET’s branding.

Fake Anti-Virus Security Bypass Functionality

Security functionality and a detection mechanism that implemented in these fake antivirus are incompletely added and it generates a lot of false positive.

There are 4 detecting detection mechanism categories that generally exists in all kind of apps.

Permissions blacklist – All apps (including legitimate ones) are flagged if they require some of the listed permissions that are considered dangerous, such as send and receive SMS, access location data, access the camera, etc.
Source whitelist – All apps but those from the official Android store, Google Play, are flagged – even if they are completely benign.
Activities blacklist –  Apps that contain any of the  blacklisting activities

In this case, researchers clearly indicate that 35 pseudo-security apps described in this article are not, say, ransomware or other hardcore malware. The only harm they do is displaying annoying ads.

Also yes, security solution is definitely needed for protection but all the apps that named as a security or Antivirus will not provide complete security.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS...

ATPC Cyber Forum to Focus on Next Generation Cybersecurity and Artificial Intelligence Issues

White House National Cyber Director, CEOs, Key Financial Services Companies, Congressional and Executive Branch...

New PySilon RAT Abusing Discord Platform to Maintain Persistence

Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan...

Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS...

New PySilon RAT Abusing Discord Platform to Maintain Persistence

Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan...

Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on...