By Bill Brenner
Our researchers have been investigating the growing number of untrustworthy programs hidden in apps on Google Play. Many of these fall into the category of Potentially Unwanted Applications, or PUAs. These are not outright malicious, but are generally deemed unsuitable for most business networks.
The apps may include features that people want, such as a device power optimizer or editing tool, but they also come bundled with others that leach off a phone or tablet’s processing power or push unwanted ads onto the screen.
The latest example of that is an app called Super Antivirus 2018, which is the focus of our new paper from SophosLabs, written by Android specialist Rowland Yu.
An antivirus-related smokescreen
Though advertised as an antivirus program, it is no such thing. The app was uploaded to Google Play in early October, and has since been downloaded up to 50,000 times. It claims to “detect 100% of viruses and malware through personalized scanning.” But when we analyzed the code, the claim proved less than accurate.
It has an online blocklist and even scans and detects nearly 500 apps. This gives it the appearance of doing legitimate security work, but it provides no effective protection for end users. What these functions do is provide a smokescreen to throw security researchers off track.
During the fake virus scan, Super Antivirus 2018 frequently displays a pop-up for another app called “Security Elite – Clean Virus, Antivirus, Booster.” And from within this new app you can expect to see more pop-up adverts.
These deceptive promotions and pop-ups violate the Google Play Developer App Promotion Policy:
We don’t allow apps that directly or indirectly engage in or benefit from promotion practices that are deceptive or harmful to users or the developer ecosystem.
Super Antivirus 2018 misbehaves in the following ways:
- It doesn’t provide a proper malware removal feature
- It may mislead users into believing there is a virus on their Android device
- It entices users to download another malware removal tool.
Sophos protections and tips
Because of its characteristics, along with the breached Google developer policy, we protect Sophos users against it, detecting it as Andr/FakeAV-B.
To keep your device safe from these and other malicious Android apps download our free Sophos Mobile Security for Android. For more on Super Antivirus 2018, read our paper Super Antivirus 2018: A shady app many are downloading on Google Play.
(From Sophos blog).