Apps with names like Virus Cleaner and Antivirus security and which appear to be genuine anti-virus (AV) or virus-removal apps have been spotted on Google Play Store and have seen over a lakh downloads already, said a new report by Quick Heal Security Labs on Tuesday.
These AV apps mimic the functionalities of a real AV App and have functions like “scan device for viruses” and the main purpose of these apps is to show advertisements and increase the download count.
“These apps don’t have any AV engines or scan capabilities except a predefined list of Apps marked as malicious or clean. This list appears to be static and we haven’t seen it getting updated during our analysis,” the IT security firm said in a statement.
The fake AV app contains predefined package lists, like whiteList.json with few whitelist package names, blackListPackages.json with few blacklist package names and blackListActivities.json with a list of blacklisted activities.
This list is used for actual scanning and to show final scan results. It also contains a list of predefined permissions and uses it to show risks associated with other apps.
It also checks installed package names against the pre-defined static whitelists.
“These fake AV Apps don’t have any functionalities related to malware scanning or identifying any other security issues. These apps only show a fake virus detection alert to the user and eventually show advertisements,” the firm added.
These applications disguise as “security” or “antivirus” in their name and do nothing related to security.