Malware Being Spread Through Fake Android Antivirus Apps

Given the increasing number of cyber attacks on web-connected devices, it makes sense to have quality anti-malware protections on your phone. However, some “antivirus” apps lurking in the crowded app marketplace are really just fakes waiting to infect your device.

A new report from security firm RiskIQ finds that there are “hundreds” of malicious, fake “antivirus” apps for Android that will make your phone significantly more vulnerable, rather than less.

The Android app marketplace, Google Play, is more accessible and open than the walled garden of Apple’s App Store for iOS. That’s good for small developers who want to be able to break out and reach an audience, but it means that there’s just more everything available for users to choose from — and that includes more spam and scam apps, too.

RiskIQ noted that searching the Google Play store for currently listed “antivirus” apps returns 508 results, of which 55, or about 11%, are blacklisted, or known to be potentially malicious.

Many of these pop up to capitalize on recent news. For example, a search for “WannaCry” in the Google Play store returns dozens of results. Several claim to protect your phone from the well-known ransomware in some way.

But WannaCry doesn’t even affect mobile systems. It spread worldwide by infecting Windows computers, primarily running Windows 7, that were not completely up to date.

While Google Play is less restrictive than the App Store, it’s not completely open. Google still has standards and makes an effort to contain or remove dangerous software.

The company is also taking the reverse approach, and trying to promote and reward good software. Google has, as of today, launched an “Android Excellence” program, highlighting what the company considers the best available apps on the platform. That joins the existing “Editor’s Choice” program, which is a selection of apps curated by folks inside Google.

RiskIQ’s advice to users who want to put legitimate apps on their phones?

  1. Stick to official stores — look on Google Play, not on random websites.
  2. Read the app description carefully — look for grammatical errors or inconsistencies.
  3. Research the publisher — double-check their email contact address to see if it’s an “@business.com” type email, and not a hotmail or gmail throwaway. Also, have a look at the developer’s other apps, or perhaps even search the developer name to see if they’re legitimate.

[via ZDNet]