Researchers discovered 35 Malicious Android-based Anti-virus apps from Google Play store and the apps were downloaded and installed by more than 6 Million users around the world.

Many of the apps fall under this Antivirus apps list that has flying under the radar for several years and infecting millions of user without let knowing them.

These Apps are posed as legitimate antivirus removal software, but it performs various malicious activities such as pop up unwanted ads, ineffective pseudo-security and stealing the user’s mobile data.

Attackers are making these apps to be installed via fake downloads by bots that help to post a positive review and gaining the reputation in order to increase the downloads counts.


These apps are quite often detecting legitimate apps as malicious and also it mimics the basic security functions that existing in the original Antivirus apps.

Also, it generates a false security alarm in the victims mobile and forces them to perform clicks and gaining the permission of other apps.

According to ESET Analysis, among these 35 apps, only a handful stand out for their specific features: one app is not completely free as it offers a paid upgrade; one app has implemented a primitive, easily bypassed, app-locker manager; another app flags other apps from this group as dangerous by default; and finally, one misuses ESET’s branding.

Fake Anti-Virus Security Bypass Functionality

Security functionality and a detection mechanism that implemented in these fake antivirus are incompletely added and it generates a lot of false positive.

There are 4 detecting detection mechanism categories that generally exists in all kind of apps.

Package name whitelist & blacklist – It whitelists very popular apps such as Facebook, Instagram, LinkedIn, Skype and others and few blacklisted apps.
Permissions blacklist – All apps (including legitimate ones) are flagged if they require some of the listed permissions that are considered dangerous, such as send and receive SMS, access location data, access the camera, etc.
Source whitelist – All apps but those from the official Android store, Google Play, are flagged – even if they are completely benign.
Activities blacklist –  Apps that contain any of the  blacklisting activities

In this case, researchers clearly indicate that 35 pseudo-security apps described in this article are not, say, ransomware or other hardcore malware. The only harm they do is displaying annoying ads.

Also yes, security solution is definitely needed for protection but all the apps that named as a security or Antivirus will not provide complete security.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

BALAJI is a Former Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.


Please enter your comment!
Please enter your name here