Thousands of fake Android Antivirus apps deliver malware

Security Week, June 18, 2017 - There are thousands of Android applications containing the label “antivirus,” but a big chunk of them are dangerous programs designed to infect devices of unsuspecting users with malware, RiskIQ warns.

After the WannaCry ransomware outbreak last month, numerous fake programs claiming to keep Android users safe from the threat began to emerge, despite the fact that Android wasn’t targeted by the malware. RiskIQ decided to have a closer look at the many antivirus apps for Android and discovered that these fake apps aren’t limited to the WannaCry theme.

What’s more, the security company discovered that while some of the programs are worthless, others are straight up malicious, designed to spread adware, Trojans, and other types of malware instead of protecting users from such threats.

According to RiskIQ, there are 6,295 total Android apps, past and present, claiming to either be an antivirus solution, review antivirus solutions or be associated with antivirus software in some way. RiskIQ discovered that 707 of the apps triggered blacklist detections in VirusTotal. 655 of these “antivirus” apps are in Google Play, and 131 of them triggered blacklist detections.

Furthermore, 4,292 of these apps are active today, including 525 of those that triggered blacklist detections in VirusTotal. 508 of the apps are in Google Play, yet only 55 of them triggered blacklist detections.

Overall, while 11% of total antivirus apps lived in the Google Play store, only 12.2% of active antivirus apps are available through the portal. However, 20% of total blacklisted antivirus apps live in the store, although only 10.8% of the active blacklisted antivirus apps are present there, RiskIQ found.

RiskIQ also points out that, while not all of the blacklist hits from VirusTotal point to malicious applications, there are many malicious antivirus apps that are not blacklisted at all. However, once an application is flagged by one or more well-known vendors, it may be worth further review.

“When it comes to the safety of your mobile devices, it is always best to be diligent. Be careful about inviting the bad guys in and giving them access to everything when choosing an antivirus app,” RiskIQ’s Forrest Gueterman notes.

To stay protected, users should pay close attention when choosing a mobile antivirus solution, and should download such apps only from official stores, as they tend to remove malicious apps faster than unofficial portals.

Reviewing the permissions requested by these apps is also very important. Users are advised to have a close look at the developer email address (to avoid those using a free email service like Gmail or Hotmail) and at the app description (it could point to a fake app if riddled with grammatical errors). Checking the app against known blacklists can also keep devices protected.