There are 1.2 billion mobile phone users in India, with 95.01% using Android devices. These devices have become integral to our daily lives. With all this, ensuring your Android phone has a security solution installed is essential. However, not all apps featuring “security” or “antivirus” in their name do what the name promises. Before installing a security solution, think twice: is it really a tool you can safely rely on?
Quick Heal Security Labs observed a fake antivirus app hosted on the Google Play Store. What’s more alarming is that this fake AV app has already been downloaded 1Cr+ times. The threat actor poses as an antivirus app to lure users into downloading and installing this fake AV. The authors leverage this theme by misinforming users that this is a free antivirus app.
In the details below, we describe why it is fake. This app appears to be a genuine antivirus app with the name AntiVirus – Virus Cleaner, but it does not have any such functionality. As per our analysis, the main purpose of this app is to show advertisements and increase the download count.
This app mimics the functionality of a real antivirus app and has features like “Scan System and Application”. As per our analysis, the app does not have any AV engine or scan capability except a predefined list of apps marked as malicious or clean. This list appears to be static, and we did not see it being updated during our analysis. The app only shows a fake virus detection alert to the user and eventually shows advertisements. The app also shows a different icon after installation than the icon used on Google Play.
All About The Fake Mobile Security App
Fig 1. Different icons on Google Play and actual app icons.
Fig 2 – Welcome Screen of Antivirus That Shows Advertisement
Observations by Quick Heal Labs about this Fake Antivirus App:
- On Google Play, the app shows the year 2024, but after installation, it displays 2022. However, when you click on the icon, it opens a screen resembling an antivirus interface.
- The interesting aspect of this application is that it labels every app as a Dangerous Application. Does more detection equate to a better antivirus? Instead of providing security, it displays ads and offers useless pseudo-security.
- Upon inspecting the app’s package files, suspicious JSON files were found in the “assets” subfolder, including “blackListActivities,” “permissions,” “whiteList,” and “whiteListReview.” Upon analyzing these files, we found that the whitelist includes popular apps such as Facebook, Instagram, LinkedIn, Skype, and others. The app also adds its own package name to the whitelist to avoid detection.
- In other instances, this app uses wildcards in its whitelist, with entries like “com.android.*”. Since malware often uses clean package names to deceive users, any malicious apps with these package names can bypass detection. The “blacklistActivities” file contains permissions deemed dangerous, marked with values 0 and 1, which are used to display scan results to the user.
Fig 3 – Various permissions requested by the app, fake scanning dashboard and continuous ads
Fig.4 – Showing Almost Every Application As A Dangerous Application
The fake antivirus app stores a predefined list of packages in “whiteList.json” to whitelist certain apps, while sensitive permissions are stored in “blackListActivities.json.” The app checks installed packages against these lists and then displays the final scan results to the user.
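The following triage sketch is an added example, not code from the app or from the original post. It audits a whiteList.json-style file for the two weaknesses described above (wildcard entries and self-allowlisting) and shows why a verdict based on package name alone is unreliable. The flat-list JSON schema, the sample entries, and the package name `com.example.fakeav` are assumptions constructed for illustration.

```python
import fnmatch
import json

# Constructed sample standing in for assets/whiteList.json. The real schema is
# not shown in the post, so a flat list of package-name patterns is assumed.
SAMPLE_WHITELIST = """["com.facebook.katana", "com.instagram.android",
 "com.skype.raider", "com.android.*", "com.example.fakeav"]"""
OWN_PACKAGE = "com.example.fakeav"  # placeholder, not the real package name


def load_patterns(text):
    """Parse the allowlist and keep only string entries."""
    return [p for p in json.loads(text) if isinstance(p, str)]


def audit_allowlist(patterns, own_package):
    """Return (finding, pattern) pairs worth noting during triage."""
    findings = []
    for pattern in patterns:
        if "*" in pattern or "?" in pattern:
            findings.append(("wildcard", pattern))
        if fnmatch.fnmatchcase(own_package, pattern):
            findings.append(("self-allowlisted", pattern))
    return findings


def name_only_verdict(package, patterns):
    """Mimic the described check: the verdict depends on the name alone."""
    hit = any(fnmatch.fnmatchcase(package, p) for p in patterns)
    return "clean" if hit else "flagged"


if __name__ == "__main__":
    patterns = load_patterns(SAMPLE_WHITELIST)
    for finding in audit_allowlist(patterns, OWN_PACKAGE):
        print(finding)
    # Constructed names: anything under com.android.* passes, others do not.
    for pkg in ("com.android.settings.helper", "org.example.notes"):
        print(pkg, name_only_verdict(pkg, patterns))
```

A real scanner would bind its verdict to the APK signing certificate and the file contents instead of the package name, which any developer can choose freely.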
The application in question disguises itself as an “antivirus” app, but as explained, it lacks the capability to detect real malware, giving users a false sense of security. It often flags legitimate apps as malicious, creating further confusion. This false sense of security can expose users to actual threats from undetected malicious apps.
The use of a static blacklist/whitelist without any update mechanism confirms that this app is adware. The high download count is concerning and demonstrates how easily malware authors can trick users into downloading junk apps. Additionally, the app is not entirely free, offering a paid upgrade. If future updates include other types of malware, it could seriously harm users’ devices.
Some Of The Content Of The Files:
Fig.5 – Suspicious Files From The Package
Fig.6 – Contents From whitelist.json & blacklistactivities.json files
Fig.7 – Permission Scanning
Public Reviews After Downloading & Using The App
Despite having a 4-star rating, not all downloads are necessarily genuine. It is common practice for bots to generate fake downloads and post positive reviews, artificially boosting the app’s ratings.
Note: At the time of writing this blog, the app is present on Play.
How To Stay Safe From Fake Mobile Apps
1. Check an app’s description before you download it.
2. Check the app developer’s name and their website. If the name sounds strange or odd, you have every reason to suspect it.
3. Go through the reviews and ratings of the app. But note that these can also be faked.
4. Avoid downloading apps from third-party app stores.
5. Use a reliable mobile antivirus (like Quick Heal Total Security for Android) that can prevent fake and malicious apps from getting installed on your phone.
Conclusion
While anything that comes FREE may come across as a temptation to install, remember that FREE can also be FAKE! So, beware that you don’t fall prey to the free security software available on the Play Store. Go only for trusted brands like Quick Heal when it comes to assured security of your device.