Newsroom

Latest news about Seqrite from across the globe.

Quick Heal Discovered A Fake Antivirus App with 1 Crore Downloads on Google Play Store

  • Offering robust security to users, Quick Heal Total Security for Mobile successfully detects this application

Pune, September 09, 2024 – Quick Heal Technologies Limited, a leading global cybersecurity solutions provider, has discovered a fake antivirus app on the Google Play Store that has been downloaded over 1 crore times. The app, named “AntiVirus - Virus Cleaner”, masquerades as a legitimate antivirus solution but lacks any real security functionality.

According to Quick Heal's analysis, the main purpose of this app is to show advertisements and increase download counts, rather than provide actual security benefits. The app mimics the functionalities of a real antivirus app, with features like "Scan Device and Application," but it does not possess any real scanning capabilities except for a predefined list of apps marked as malicious or clean. This list appears to be static and has not been updated during Quick Heal's analysis.

Upon installation, the app shows a different icon than the one displayed on the Google Play Store, and its welcome screen displays advertisements. The app also requests various permissions and shows a fake virus detection alert to the user, eventually leading to more advertisements. Interestingly, the app detects almost every application as a "risky application," which is likely a tactic to make it seem like a legitimate antivirus app.

A closer look at the app's package files reveals suspicious JSON files in the "assets" subfolder, including `blackListActivities`, `permissions`, `whiteList`, and `whiteListReview`. These files contain a whitelist of popular apps, such as Facebook, Instagram, LinkedIn, and Skype, as well as the app's own package name, which is added to the whitelist to remain undetected. The app also uses wildcards in its whitelist, with entries such as "com.android.*", which allows malicious apps with similar package names to bypass detection.

Quick Heal Total Security for Mobile successfully detects this application as "Android.Blacklister (PUP)" with the package name "com.coopresapps.free.antivirus" and MD5 hash "cb2ebff07b16fffc6c3df0251247fe1d".

Commenting on the development, Vishal Salvi, Chief Executive Officer at Quick Heal Technologies Limeted, said, “This fake antivirus app is a classic example of how malware authors can entice users into downloading junk apps that create a false sense of security. We urge users to be cautious when downloading free security apps, as they may be deceptive and potentially harmful. Instead, users should opt for trusted brands like Quick Heal that provide guaranteed security for their devices. Remember, anything that comes free might come across as a temptation to install, but it can also be fake.”

To stay safe from fake mobile apps, Quick Heal recommends that users check an app's description before downloading it, verify the app developer's name and website, and read reviews and ratings carefully. Users should also avoid downloading apps from third-party app stores and use a reliable mobile antivirus solution, such as Quick Heal Total Security, to prevent fake and malicious apps from getting installed on their phones.

About Quick Heal Technologies Limited

Quick Heal Technologies Ltd. is a global cybersecurity solutions provider. Each Quick Heal product is designed to simplify IT security management across the length and depth of devices and on multiple platforms. They are customized to suit consumers, small businesses, government establishments, and corporate houses. Over a span of nearly 3 decades, the company’s R&D has focused on computer and network security solutions.

The current portfolio of cloud-based security and advanced machine learning-enabled solutions stops threats, attacks, and malicious traffic before it strikes. This considerably reduces the system resource usage. The security solutions are indigenously developed in India. Quick Heal Antivirus Solutions, Quick Heal Scan Engine, and the entire range of Quick Heal products are proprietary items of Quick Heal Technologies Ltd.

For more information, please visit: www.quickheal.co.in