Saturday, April 19, 2025
HomeAdware35 Malicious Anti-Virus Apps Discovered in Google Play store that Affected 6...

35 Malicious Anti-Virus Apps Discovered in Google Play store that Affected 6 Million Users

Published on

SIEM as a Service

Follow Us on Google News

Researchers discovered 35 Malicious Android-based Anti-virus apps from Google Play store and the apps were downloaded and installed by more than 6 Million users around the world.

Many of the apps fall under this Antivirus apps list that has flying under the radar for several years and infecting millions of user without let knowing them.

These Apps are posed as legitimate antivirus removal software, but it performs various malicious activities such as pop up unwanted ads, ineffective pseudo-security and stealing the user’s mobile data.

- Advertisement - Google News

Attackers are making these apps to be installed via fake downloads by bots that help to post a positive review and gaining the reputation in order to increase the downloads counts.

These apps are quite often detecting legitimate apps as malicious and also it mimics the basic security functions that existing in the original Antivirus apps.

Also, it generates a false security alarm in the victims mobile and forces them to perform clicks and gaining the permission of other apps.

According to ESET Analysis, among these 35 apps, only a handful stand out for their specific features: one app is not completely free as it offers a paid upgrade; one app has implemented a primitive, easily bypassed, app-locker manager; another app flags other apps from this group as dangerous by default; and finally, one misuses ESET’s branding.

Fake Anti-Virus Security Bypass Functionality

Security functionality and a detection mechanism that implemented in these fake antivirus are incompletely added and it generates a lot of false positive.

There are 4 detecting detection mechanism categories that generally exists in all kind of apps.

Permissions blacklist – All apps (including legitimate ones) are flagged if they require some of the listed permissions that are considered dangerous, such as send and receive SMS, access location data, access the camera, etc.
Source whitelist – All apps but those from the official Android store, Google Play, are flagged – even if they are completely benign.
Activities blacklist –  Apps that contain any of the  blacklisting activities

In this case, researchers clearly indicate that 35 pseudo-security apps described in this article are not, say, ransomware or other hardcore malware. The only harm they do is displaying annoying ads.

Also yes, security solution is definitely needed for protection but all the apps that named as a security or Antivirus will not provide complete security.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

How SMBs Can Improve SOC Maturity With Limited Resources

Small and Medium-sized Businesses (SMBs) have become prime targets for cybercriminals, being three times...

How To Detect Obfuscated Malware That Evades Static Analysis Tools

Obfuscated malware presents one of the most challenging threats in cybersecurity today. As static...

How Security Analysts Detect and Prevent DNS Tunneling Attack In Enterprise Networks

DNS tunneling represents one of the most sophisticated attack vectors targeting enterprise networks today,...

How to Conduct a Cloud Security Assessment

Cloud adoption has transformed organizations' operations but introduces complex security challenges that demand proactive...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

How SMBs Can Improve SOC Maturity With Limited Resources

Small and Medium-sized Businesses (SMBs) have become prime targets for cybercriminals, being three times...

How To Detect Obfuscated Malware That Evades Static Analysis Tools

Obfuscated malware presents one of the most challenging threats in cybersecurity today. As static...

How Security Analysts Detect and Prevent DNS Tunneling Attack In Enterprise Networks

DNS tunneling represents one of the most sophisticated attack vectors targeting enterprise networks today,...