Quick Heal Technologies has uncovered a fake antivirus app, named “AntiVirus – Virus Cleaner,” on the Google Play Store with over one crore times downloaded. This app pretends to be a legitimate antivirus solution but doesn’t provide an authentic security solution.
According to Quick Heal’s analysis, this app’s primary purpose is to display advertisements and increase download counts rather than provide actual security benefits.
Quick Heal Total Security for Mobile successfully detects this application as “Android.Blacklister (PUP)” with the package name “com.coopresapps.free.antivirus” and MD5 hash “cb2ebff07b16fffc6c3df0251247fe1d”.
The app mimics the functionalities of a real antivirus app, with features like “Scan Device and Application,” but it does not possess any real scanning capabilities except for a predefined list of apps marked as malicious or clean. This list appears to be static and was not updated during Quick Heal’s analysis.
After installing this app, it appears on the mobile with a different icon image than the one displayed on the Google Play Store. It welcomes the user with an advertisement screen, asks for many permissions, and shows the user a fake virus detection alert, leading to more publicity news.
This app detects almost every application as a “risky application,” which is likely a tactic to make it seem like a real antivirus app.
TA closer look at the app’s package files reveals suspicious JSON files in the “assets” subfolder, including `blackListActivities`, `permissions`, `whiteList`, and `whiteListReview`. These files contain a whitelist of popular apps, such as Facebook, Instagram, LinkedIn, and Skype, as well as the app’s own package name, which is added to the whitelist to remain undetected. The app also uses wildcards in its whitelist, with entries such as “com.android.*”, which allows malicious apps with similar package names to bypass detection.
Vishal Salvi, Chief Executive Officer at Quick Heal Technologies Limited, said, “This fake antivirus app is a classic example of how malware authors can entice users into downloading junk apps that create a false sense of security. We urge users to be cautious when downloading free security apps, as they may be deceptive and potentially harmful. Instead, users should opt for trusted brands like Quick Heal that provide guaranteed device security. Remember, anything that comes free might come across as a temptation to install, but it can also be fake.”
Also Read: Quick Heal Appoints Bhushan Nilkanth Gokhale as an Independent Director
