Pune, 18th September 2024: Quick Heal Technologies Limited, a leading global cybersecurity solutions provider, has discovered a fake antivirus app on the Google Play Store that has been downloaded over 1 crore times. The app, named “AntiVirus – Virus Cleaner”, masquerades as a legitimate antivirus solution but lacks any real security functionality.

According to Quick Heal’s analysis, the main purpose of this app is to show advertisements and increase download counts, rather than provide actual security benefits. The app mimics the functionalities of a real antivirus app, with features like “Scan Device and Application,” but it does not possess any real scanning capabilities except for a predefined list of apps marked as malicious or clean. This list appears to be static and has not been updated during Quick Heal’s analysis.

Upon installation, the app shows a different icon than the one displayed on the Google Play Store, and its welcome screen displays advertisements. The app also requests various permissions and shows a fake virus detection alert to the user, eventually leading to more advertisements. Interestingly, the app detects almost every application as a “risky application,” which is likely a tactic to make it seem like a legitimate antivirus app.

A closer look at the app’s package files reveals suspicious JSON files in the “assets” subfolder, including `blackListActivities`, `permissions`, `whiteList`, and `whiteListReview`. These files contain a whitelist of popular apps, such as Facebook, Instagram, LinkedIn, and Skype, as well as the app’s own package name, which is added to the whitelist to remain undetected. The app also uses wildcards in its whitelist, with entries such as “com.android.*”, which allows malicious apps with similar package names to bypass detection.

Quick Heal Total Security for Mobile successfully detects this application as “Android.Blacklister (PUP)” with the package name “com.coopresapps.free.antivirus” and MD5 hash “cb2ebff07b16fffc6c3df0251247fe1d”.

Commenting on the development, Vishal Salvi, Chief Executive Officer at Quick Heal Technologies Limited, said, “This fake antivirus app is a classic example of how malware authors can entice users into downloading junk apps that create a false sense of security. We urge users to be cautious when downloading free security apps, as they may be deceptive and potentially harmful. Instead, users should opt for trusted brands like Quick Heal that provide guaranteed security for their devices. Remember, anything that comes free might come across as a temptation to install, but it can also be fake.”

To stay safe from fake mobile apps, Quick Heal recommends that users check an app’s description before downloading it, verify the app developer’s name and website, and read reviews and ratings carefully. Users should also avoid downloading apps from third-party app stores and use a reliable mobile antivirus solution, such as Quick Heal Total Security, to prevent fake and malicious apps from getting installed on their phones.