This antivirus Android app with 1 crore-plus downloads on Google Play Store is "fake" and why you need to delete it right away

TOI Tech Desk / TIMESOFINDIA.COM / Oct 3, 2024, 17:50 IST

Text Size

Small
Medium
Large

Cybersecurity firm Quick Heal Technologies uncovers a fake antivirus app, 'AntiVirus - Virus Cleaner,' on Google Play Store. Despite mimicking legitimate antivirus functionalities, the app only displays ads and lacks actual security features. Users are urged to verify app descriptions, developers, reviews, and avoid third-party app stores for safer downloads.

This antivirus Android app with 1 crore-plus downloads on Google Play Store is "fake" and why you need to delete it right away

If you have an antivirus app running on your Android smartphone, you may need to check its veracity. cybersecurity company Quick Heal Technologies claims to have discovered a fake antivirus app on the Google Play Store. The app named 'AntiVirus - Virus Cleaner' has been downloaded over 1 crore times.

What is the problem with 'AntiVirus - Virus Cleaner' Android app

According to the security researcher, 'AntiVirus - Virus Cleaner' app masquerades as a legitimate antivirus solution but lacks any real security functionality.The main purpose of this app is said to be to show advertisements and increase download counts, rather than provide actual security benefits. The app mimics the functionalities of a real antivirus app, with features like "Scan Device and Application," but it does not possess any real scanning capabilities except for a predefined list of apps marked as malicious or clean. This list appears to be static and has not been updated during Quick Heal's analysis.
Upon installation, the app shows a different icon than the one displayed on the Google Play Store, and its welcome screen displays advertisements. The app also requests various permissions and shows a fake virus detection alert to the user, eventually leading to more advertisements. Interestingly, the app detects almost every application as a "risky application," which is likely a tactic to make it seem like a legitimate antivirus app.

A closer look at the app's package files reveals suspicious JSON files in the "assets" subfolder, including `blackListActivities`, `permissions`, `whiteList`, and `whiteListReview`. These files contain a whitelist of popular apps, such as Facebook, Instagram, LinkedIn, and Skype, as well as the app's own package name, which is added to the whitelist to remain undetected. The app also uses wildcards in its whitelist, with entries such as

"com.android.*", which allows malicious apps with similar package names to bypass detection.
The app has been detected as "Android.Blacklister (PUP)" with the package name "com.coopresapps.free.antivirus" and MD5 hash "cb2ebff07b16fffc6c3df0251247fe1d".

What users need to do

To stay safe from such fake mobile apps Android users should always following these simple tips:
* Check an app's description before downloading it
* Verify the app developer's name and website
* Read reviews and ratings carefully.
* Never download apps from third-party app stores

About the Author

TOI Tech Desk

The TOI Tech Desk is a dedicated team of journalists committed to delivering the latest and most relevant news from the world of technology to readers of The Times of India. TOI Tech Desk’s news coverage spans a wide spectrum across gadget launches, gadget reviews, trends, in-depth analysis, exclusive reports and breaking stories that impact technology and the digital universe. Be it how-tos or the latest happenings in AI, cybersecurity, personal gadgets, platforms like WhatsApp, Instagram, Facebook and more; TOI Tech Desk brings the news with accuracy and authenticity.

End of Article