Recently, CamScanner app was found with Malware that affected several users. It was subsequently removed from Google Play Store. On similar lines, now, Quick Heal Security Labs have spotted multiple fake Anti Virus applications on Google Play Store and following the report from Quick Heal, Google has removed the fake Anti Virus apps from the Play Store.
According to the report from Quick Heal, these apps appear to be genuine Anti-virus/virus-removal Apps with names like Virus Cleaner, Antivirus security, etc. but in reality, they do not have any such functionality. The fake Anti Virus applications have been downloaded 100000+ times already by users.
The findings reveal that the main purpose of these apps is to show advertisements and increase the download count and they do not have any AV engines or scan capabilities except a predefined list of apps(which appears to be static) marked as malicious or clean. The report also reveals that these apps contain predefined package lists, like whiteList.json with few whitelist package names, blackListPackages.json with few blacklist package names and blackListActivities.json with a list of blacklisted activities.
It also contains a list of predefined permissions and uses it to show risks associated with other apps. It checks installed package names against the pre-defined static Whitelists and this is the reason why it detects itself as High-Risk Application because its own package name is not present in whitelist.json.
If you have any of these apps already installed, it is advisable to uninstall immediately and check thoroughly before downloading any application.