Malicious threat actors are increasingly looking to exploit the growing fear and hysteria surrounding the notorious WannaCry ransomware with fake "protectors" and malware-laden antivirus apps. In May, the massive WannaCry cyberattack crippled companies across the globe, ensnared more than 300,000 computers in 150 countries and encrypted millions of user files, demanding a ransom for their release.
According to cybersecurity firm RiskIQ, predators are now looking to exploit the rising threat of cyberattacks to drive downloads of useless and often malware-carrying mobile apps masquerading as antivirus applications.
"Using RiskIQ's mobile database, hundreds of examples of apps that claimed to help defend mobile phones were found, instead, to be preying on unsuspecting users by pushing adware, trojans, and other malware," RiskIQ researchers said.
Using a simple internet search for "Antivirus", researchers found 6,295 total apps, both past and present, that claim to be an antivirus solution, review antivirus solutions or are associated with antivirus software. More than 4,290 of these apps are still active, with 525 triggering blacklist detections from aggregated antivirus vendors in VirusTotal, a free online virus scanning service.
However, researchers note that not all of these blacklisted hits from VirusTotal imply that the app is actually malicious. They added that many malicious antivirus apps may not even have been blacklisted at all.
Focusing on the Google Play Store alone, researchers found about 508 antivirus apps still active, 55 of them blacklisted. RiskIQ said it scoured 189 different app stores to find fake antivirus apps.
The researchers said 20% of total blacklisted antivirus apps reside in the Google Play store, about 10.8% of which are active.
The "Androids Antivirus" app in the Mobiles24 app store, for example, had five different variants of malware embedded in its code as well as fake alerts, Trojans and attacks targeting the Android operating system. The fake app had garnered over 3,500 downloads.
The "Antivirus Malware Trojan" had been downloaded over 10,000 times before Google eventually removed it from its app store.
Other malicious "antivirus" apps included the "Mobile Antivirus Security Info" review app and "MP Security Antivirus App Lock" app which garnered thousands of downloads each. They have since been taken down from the Google Play store.
"Google Play is one of the most reputable app stores in the world, so the fact that so many reside there shows the dangers facing mobile app consumers," Forrest Gueterman, a RiskIQ security analyst, said, according to CNET.
RiskIQ recommended that users download apps only from official stores such as Google, noting that the company "seems to be diligently removing malicious apps at a greater rate than third-party stores". It also urged users to review the permissions an app requests and to make sure the developer email address is not linked to a free email service such as Gmail or Hotmail.
Users can also examine the app's description for telltale grammatical errors and check the app against known blacklists.