Saturday, December 2, 2023

35 Malicious Anti-Virus Apps Discovered in Google Play store that Affected 6 Million Users

Researchers discovered 35 Malicious Android-based Anti-virus apps from Google Play store and the apps were downloaded and installed by more than 6 Million users around the world.

Many of the apps fall under this Antivirus apps list that has flying under the radar for several years and infecting millions of user without let knowing them.

These Apps are posed as legitimate antivirus removal software, but it performs various malicious activities such as pop up unwanted ads, ineffective pseudo-security and stealing the user’s mobile data.

Attackers are making these apps to be installed via fake downloads by bots that help to post a positive review and gaining the reputation in order to increase the downloads counts.

These apps are quite often detecting legitimate apps as malicious and also it mimics the basic security functions that existing in the original Antivirus apps.

Also, it generates a false security alarm in the victims mobile and forces them to perform clicks and gaining the permission of other apps.

According to ESET Analysis, among these 35 apps, only a handful stand out for their specific features: one app is not completely free as it offers a paid upgrade; one app has implemented a primitive, easily bypassed, app-locker manager; another app flags other apps from this group as dangerous by default; and finally, one misuses ESET’s branding.

Fake Anti-Virus Security Bypass Functionality

Security functionality and a detection mechanism that implemented in these fake antivirus are incompletely added and it generates a lot of false positive.

There are 4 detecting detection mechanism categories that generally exists in all kind of apps.

Permissions blacklist – All apps (including legitimate ones) are flagged if they require some of the listed permissions that are considered dangerous, such as send and receive SMS, access location data, access the camera, etc.
Source whitelist – All apps but those from the official Android store, Google Play, are flagged – even if they are completely benign.
Activities blacklist –  Apps that contain any of the  blacklisting activities

In this case, researchers clearly indicate that 35 pseudo-security apps described in this article are not, say, ransomware or other hardcore malware. The only harm they do is displaying annoying ads.

Also yes, security solution is definitely needed for protection but all the apps that named as a security or Antivirus will not provide complete security.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Website

Latest articles

Active Attacks Targeting Google Chrome & ownCloud Flaws: CISA Warns

The CISA announced two known exploited vulnerabilities active attacks targeting Google Chrome & own...

Cactus Ransomware Exploiting Qlik Sense code execution Vulnerability

A new Cactus Ransomware was exploited in the code execution vulnerability to Qlik Sense...

Hackers Bypass Antivirus with ScrubCrypt Tool to Install RedLine Malware

The ScrubCrypt obfuscation tool has been discovered to be utilized in attacks to disseminate the RedLine Stealer...

Hotel’s Booking.com Hacked Logins Let Attacker Steal Guest Credit Cards

According to a recent report by Secureworks, a well-planned and advanced phishing attack was...

Critical Zoom Vulnerability Let Attackers Take Over Meetings

Zoom, the most widely used video conferencing platform has been discovered with a critical...

Hackers Using Weaponized Invoice to Deliver LUMMA Malware

Hackers use weaponized invoices to exploit trust in financial transactions, embedding malware or malicious...

US-Seized Crypto Currency Mixer Used by North Korean Lazarus Hackers

The U.S. Treasury Department sanctioned the famous cryptocurrency mixer Sinbad after it was claimed...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

API Attack Simulation Webinar

Live API Attack Simulation

In the upcoming webinar, Karthik Krishnamoorthy, CTO and Vivek Gopalan, VP of Products at Indusface demonstrate how APIs could be hacked.The session will cover:an exploit of OWASP API Top 10 vulnerability, a brute force account take-over (ATO) attack on API, a DDoS attack on an API, how a WAAP could bolster security over an API gateway

Related Articles