If you have an antivirus app running on your Android smartphone, you may need to check its veracity. cybersecurity company Quick Heal Technologies claims to have discovered a fake antivirus app on the Google Play Store. The app named ‘AntiVirus – Virus Cleaner‘ has been downloaded over 1 crore times.
What is the problem with ‘AntiVirus – Virus Cleaner’ Android app
According to the security researcher, ‘AntiVirus – Virus Cleaner’ app masquerades as a legitimate antivirus solution but lacks any real security functionality.The main purpose of this app is said to be to show advertisements and increase download counts, rather than provide actual security benefits. The app mimics the functionalities of a real antivirus app, with features like “Scan Device and Application,” but it does not possess any real scanning capabilities except for a predefined list of apps marked as malicious or clean. This list appears to be static and has not been updated during Quick Heal’s analysis.
Upon installation, the app shows a different icon than the one displayed on the Google Play Store, and its welcome screen displays advertisements. The app also requests various permissions and shows a fake virus detection alert to the user, eventually leading to more advertisements. Interestingly, the app detects almost every application as a “risky application,” which is likely a tactic to make it seem like a legitimate antivirus app.
A closer look at the app’s package files reveals suspicious JSON files in the “assets” subfolder, including `blackListActivities`, `permissions`, `whiteList`, and `whiteListReview`. These files contain a whitelist of popular apps, such as Facebook, Instagram, LinkedIn, and Skype, as well as the app’s own package name, which is added to the whitelist to remain undetected. The app also uses wildcards in its whitelist, with entries such as “com.android.*“, which allows malicious apps with similar package names to bypass detection.
The app has been detected as “Android.Blacklister (PUP)” with the package name “com.coopresapps.free.antivirus” and MD5 hash “cb2ebff07b16fffc6c3df0251247fe1d”.
What users need to do
To stay safe from such fake mobile apps Android users should always following these simple tips:
* Check an app’s description before downloading it
* Verify the app developer’s name and website
* Read reviews and ratings carefully.
* Never download apps from third-party app stores
#antivirus #Android #app #croreplus #downloads #Google #Play #Store #fake #delete #Times #India
