Connect with us

Hi, what are you looking for?


Mobile & Wireless

Hundreds of Fake Android Antivirus Apps Deliver Malware

There are thousands of Android applications containing the label “antivirus,” but a big chunk of them are dangerous programs designed to infect devices of unsuspecting users with malware, RiskIQ warns.

There are thousands of Android applications containing the label “antivirus,” but a big chunk of them are dangerous programs designed to infect devices of unsuspecting users with malware, RiskIQ warns.

After the WannaCry ransomware outbreak last month, numerous fake programs claiming to keep Android users safe from the threat began to emerge, despite the fact that Android wasn’t targeted by the malware. RiskIQ decided to have a closer look at the many antivirus apps for Android and discovered that these fake apps aren’t limited to the WannaCry theme.

What’s more, the security company discovered, was that while some of the programs are worthless, others are straight up malicious, being designed to spread adware, Trojans, and other type of malware, instead of protecting users from such threats.

According to RiskIQ, there are 6,295 total Android apps, past and present, claiming to either be an antivirus solution, review antivirus solutions or be associated with antivirus software in some way. RiskIQ discovered that 707 of the apps triggered blacklist detections in VirusTotal. 655 of these “antivirus” apps are in Google Play, and 131 of them triggered blacklist detections.

Furthermore, 4,292 of these apps are active today, including 525 of those that triggered blacklist detections in VirusTotal. 508 of the apps are in Google Play, yet only 55 of them triggered blacklist detections.

Overall, while 11% of total antivirus apps lived in the Google Play store, only 12.2% of active antivirus apps are available through the portal. However, 20% of total blacklisted antivirus apps live in the store, although only 10.8% of the active blacklisted antivirus apps are present there, RiskIQ found.

RiskIQ also points out that, while not all of the blacklist hits from VirusTotal point to malicious applications, there are many malicious antivirus apps that are not blacklisted at all. However, as soon as one application is flagged by a well-known vendor, or by more of them, it may be worth further review.

“When it comes to the safety of your mobile devices, it is always best to be diligent. Be careful about inviting the bad guys in and giving them access to everything when choosing an antivirus app,” RiskIQ’s Forrest Gueterman notes.

Advertisement. Scroll to continue reading.

To stay protected, users should pay close attention when choosing a mobile antivirus solution, and should download such apps only from official stores, as they tend to remove malicious apps faster than unofficial portals.

Reviewing the permissions requested by these apps is also very important, and users are also advised to have a close look at the developer email address (to avoid those using a free email service like Gmail or Hotmail) and at the app description (it could point to a fake app if riddled with grammatical errors). Checking the app against known blacklists can also keep devices protected.

Related: Google Launches Security Services for Android

Related: Fake Super Mario Run for Android Installs Malware

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.


Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.


Expert Insights

Related Content

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Mobile & Wireless

Samsung smartphone users warned about CVE-2023-21492, an ASLR bypass vulnerability exploited in the wild, likely by a spyware vendor.

Malware & Threats

Apple’s cat-and-mouse struggles with zero-day exploits on its flagship iOS platform is showing no signs of slowing down.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Critical security flaws expose Samsung’s Exynos modems to “Internet-to-baseband remote code execution” attacks with no user interaction. Project Zero says an attacker only needs...

Fraud & Identity Theft

A team of researchers has demonstrated a new attack method that affects iPhone owners who use Apple Pay and Visa payment cards. The vulnerabilities...

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Mobile & Wireless

Asus patched nine WiFi router security defects, including a highly critical 2018 vulnerability that exposes users to code execution attacks.