Sunday, January 26, 2025
HomeSecurity NewsFake Android Apps that Impersonate as Security Applications Found in Play store...

Fake Android Apps that Impersonate as Security Applications Found in Play store with 6000,000 Installations

Published on

SIEM as a Service

Follow Us on Google News

Newly discovered Fake Android Apps in Google play store that posed as offering security proving unwanted ads and other potential cyber threats to installed user device and collection a lot of sensitive information.

In this case, 35 Malicious Fake Android Apps discovered in official Google Play Store that posed as security apps but it doesn’t contain any of security future.

A lot of these fake security apps are impersonating as security application and show malicious ads to generating revenue.

All the discovered Fake Android Apps installed over 6 Million times in the user devices and these apps are being under the radar for last few years.

Also not all the apps were downloaded manually but some of these applications are downloaded and installed by bots to post positive reviews and improve their respective app’s ratings.

Fake Android Apps
35 Apps that offer Fake security prevention

It Mimics as very primitive security checkers relying on a few trivial hardcoded rules and eventually it flag legitimate security apps as malicious.

Also, it creates false alerts to victims as your mobile under potential risk state by malware which actually doesn’t perform any malicious activities.

According to ESET Researchers, among these 35 apps, only a handful stand out for their specific features: one app is not completely free as it offers a paid upgrade; one app has implemented a primitive, easily bypassed, app-locker manager; another app flags other apps from this group as dangerous by default.

Fake Android Apps

How the Fake Android Apps Mimic as Real Security Apps

All the flagged fake security apps are posed as actual mobile security solutions and it staying under the radar to avoid detection and their app detection mechanisms easy to bypass.

These fake security  apps are 4 categories that contain  Security-mimicking functionality

Package name whitelist & blacklist 

Its Whitelisting Popular apps such as Facebook, Instagram, LinkedIn, Skype and others. its blacklist few apps.

Permissions blacklist

All apps (including legitimate ones) are flagged if they require some of the listed permissions that are considered dangerous, such as send and receive SMS, access location data, access the camera, etc.

 Source whitelist

All apps but those from the official Android store, Google Play, are flagged – even if they are completely benign.

 Activities blacklist

All apps that contain any of the blacklisted activities: that is, parts of applications. This mainly concerns some ad-displaying activities.

You can Refer the ESET for IOC’s and Fake AntiVirus Apps Name.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Subaru’s STARLINK Connected Car’s Vulnerability Let Attackers Gain Restricted Access

In a groundbreaking discovery on November 20, 2024, cybersecurity researchers Shubham Shah and a...

Android Kiosk Tablets Vulnerability Let Attackers Control AC & Lights

A security flaw found in Android-based kiosk tablets at luxury hotels has exposed a...

CISA Releases Six ICS Advisories Details Security Issues

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued six Industrial Control Systems (ICS)...

Juniper Routers Exploited via Magic Packet Vulnerability to Deploy Custom Backdoor

A sophisticated cyber campaign dubbed "J-magic" has been discovered targeting enterprise-grade Juniper routers with...

API Security Webinar

Free Webinar - DevSecOps Hacks

By embedding security into your CI/CD workflows, you can shift left, streamline your DevSecOps processes, and release secure applications faster—all while saving time and resources.

In this webinar, join Phani Deepak Akella ( VP of Marketing ) and Karthik Krishnamoorthy (CTO), Indusface as they explores best practices for integrating application security into your CI/CD workflows using tools like Jenkins and Jira.

Discussion points

Automate security scans as part of the CI/CD pipeline.
Get real-time, actionable insights into vulnerabilities.
Prioritize and track fixes directly in Jira, enhancing collaboration.
Reduce risks and costs by addressing vulnerabilities pre-production.

More like this

LegionLoader Abusing Chrome Extensions To Deliver Infostealer Malware

LegionLoader, a C/C++ downloader malware, first seen in 2019, delivers payloads like malicious Chrome...

North Korean Hackers Stolen $2.2 Billion From Crypto Platforms In 2024

Cryptocurrency hacking incidents in 2024 surged 21.07% YoY to $2.2 billion, with 303 breaches...

Deloitte Denies Breach, Claims Only Single System Affected

Ransomware group Brain Cipher claimed to have breached Deloitte UK and threatened to publish...