Can you trust your Android antivirus software? Malicious fake protection apps flood Google Play Store

Cybercriminals are trying to take advantage of high-profile cyberattacks like WannaCry in order to trick victims into downloading malware.
Written by Danny Palmer, Senior Writer

Fake antivirus apps are trying to take advantage of fears around ransomware and other cyberattacks.

Image: iStock

Hundreds of fake anti-virus apps are capitalising on fears around WannaCry and other ransomware to trick mobile users into downloading adware, trojans and other malware.

Many of these malicious apps are available to download in the Google Play store and a proportion claim to protect the user against WannaCry - even though the ransomware doesn't target mobile devices.

Fake WannaCry protection apps first started appearing in the days after the outbreak, but despite the immediate threat subsiding, malicious developers are still attempting to cash in on fears triggered by the incident and the raised profile of cyberattacks and hackers.

Cybersecurity researchers at RiskIQ have discovered hundreds of examples of apps that claim to help defend mobile phones from attacks, but instead expose them to new threats or unwanted programs.

Many of these malicious applications were available to download from the official Google Play store. Google's screening process largely protects Android's 1.4 billion users by keeping the vast majority of malicious apps from entering the marketplace, but there are those that sneak through the cracks.

See also: Can Google win its battle with Android malware?

Searching for 'Antivirus' in the Play store shows 655 results, with 131 triggering blacklist detections - meaning more than one in five of the apps were potentially malicious. When tightened to only include active apps, there are 508 antivirus apps in the Google Play store, with 55 blacklisted - a figure of just under 11 percent.

One of those apps removed from the Google Play store was called Ad Security, malicious software that authentic antivirus software flagged up as a malware trojan. Another antivirus app that AV vendors identify as malicious is still available to download in the Play Store.


VirusTotal warnings about an app in the Google Play store.

Image: RiskIQ

In total, across all scanned marketplaces, RiskIQ found 4,292 active apps claiming to either be an antivirus or in some way associated with antivirus software, with 525 blacklisted.

Researchers note that not all blacklisted hits are malicious, with the possibility of some being false-positives. However, there's also the prospect of many malicious apps not being blacklisted at all - and of course there's plenty of evidence of trojans and adware being distributed under the cover of fake antivirus apps.

"When it comes to the safety of your mobile devices, it is always best to be diligent. Be careful about inviting the bad guys in and giving them access to everything when choosing an antivirus app," warn researchers.

In order to remain safe from malicious applications, RiskIQ advises users to only download apps from official app stores, which are better at removing dangerous downloads than third-party stores.

Users should also review permission requests and be wary of an app which seems to be overreaching, as well as carefully examining the app description, as malicious apps are more likely to be riddled with spelling and grammatical errors.

ZDNet has contacted Google about the RiskIQ report, but at the time of writing is yet to receive a reply.


Editorial standards