Quick Heal Detects 27 Malicious Apps on Google Play Store

By: DT News Network
August, 21, 2019

Quick Heal Security Lab spotted 27 malicious apps of dropper category on official “Google Play Store”. These apps have been removed from Play Store after Quick Heal Security Lab reported it to Google last week.

These apps continuously show installation prompt for fake “Google Play Store”. If any user falls prey to this trap and installs the fake “Google Play Store” app, then his device gets infected by an Adware. The parent apps launch dropped app without any user interaction. On launching, it displays some stored wallpaper and after that, it hides its icon. So user will not be able to identify easily which app is showing the advertisements.

The fake “Google Play Store” remains in device even after its parent app is uninstalled and it keeps on displaying full screen adds at random time intervals. These Apps were published by same developer with name “AFAD Drift Racer”. All these apps belong to free Car Racing Games category. 

After installing and using any of the above apps, the app continuously show an installation prompt of fake Google Play Store. It states that you need to install Google Play Store for gaming purpose. If we cancel the installation prompt, then it shows the pop-up continuously until you install the app. Whereas, in reality, for gaming purpose Google Play Games is required. If any game is not supported by latest version of Google Play Games, then there is a pop-up to update “Google Play Games” and it redirects to play store. Google Play Games never download itself nor gives a pop-up for installation. If we cancel the installation prompt, then it shows the pop-up continuously until you install the app.

For making an illusion of a genuine Google Play Store app, it uses a similar icon of Google Play Store. Sometimes, it is easy to distinguish between fake and real app based on the icon.

After installing fake Google Play Store app, we can see it for few seconds and then it automatically hides its icon. The app keeps on running in background and shows full screen ads till you don’t uninstall it manually.

Showing aggressive ads and making money from them is monetization concept used by malware authors. In this case even if user is not using the app, still full screen ads are shown. This not only degrades user experience but also wastes his time.

Quick Heal Mobile Security detects these apps by detection name “Android.Dropper.F” and the dropped apps by detection name “Android.HiddenAd.A“.

Follow these steps to check whether a fake Google Play Store is installed on your phone.

  1. Go to Setting-> Apps & notifications OR Settings -> App Manager. This would change as per your Phone Manufacturer.
  2. Identify fake Google Play Store as shown below. Genuine Google Play Store app can never be uninstalled and shows option of disable instead.
  3. If such a Google Play Store app is found on your phone, you should Uninstall it immediately.

How to stay safe from fake mobile apps

1. Check an app’s description before you download it.
2. Check the app developer’s name and their website. If the name sounds strange or odd, you have all the reasons to suspect it.
3. Go through the reviews and ratings of the app. But, note that these can also be faked.
4. Avoid downloading apps from third-party app stores.
5. Use a reliable mobile antivirus that can prevent fake and malicious apps from getting installed on your phone.

Google Play Store links for Malicious apps reported by QuickHeal

  • Note: These apps have been removed from Google Play Store by Google last week.
  • https[:]//play[.]google[.]com/store/apps/details?id=com.cit.cliosport
  • https[:]//play[.]google[.]com/store/apps/details?id=com.cit.veyron
  • https[:]//play[.]google[.]com/store/apps/details?id=com.cit.sls
  • https[:]//play[.]google[.]com/apps/details?id=com.cit.dodgeram
  • https[:]//play[.]google[.]com/store/apps/details?id=cit.gt
  • https[:]//play[.]google[.]com/store/apps/details?id=com.cit.gallardo
  • https[:]//play[.]google[.]com/store/apps/details?id=com.cit.mustang
  • https[:]//play[.]google[.]com/store/apps/details?id=com.cit.supra
  • https[:]//play[.]google[.]com/store/apps/details?id=com.cit.viper
  • https[:]//play[.]google[.]com/store/apps/details?id=com.cit.m3
  • https[:]//play[.]google[.]com/store/apps/details?id=com.cit.f500
  • https[:]//play[.]google[.]com/store/apps/details?id=com.cit.p911
  • https[:]//play[.]google[.]com/store/apps/details?id=com.cit.amarok
  • https[:]//play[.]google[.]com/store/apps/details?id=com.cit.mustang72
  • https[:]//play[.]google[.]com/store/apps/details?id=com.cit.mustang74
  • https[:]//play[.]google[.]com/store/apps/details?id=com.cit.q7
  • https[:]//play[.]google[.]com/store/apps/details?id=com.cit.m3classic
  • https[:]//play[.]google[.]com/store/apps/details?id=com.cit.gam
  • https[:]//play[.]google[.]com/store/apps/details?id=com.cit.r8
  • https[:]//play[.]google[.]com/store/apps/details?id=com.cit.skylinegtr
  • https[:]//play[.]google[.]com/store/apps/details?id=com.cit.m3sport
  • https[:]//play[.]google[.]com/store/apps/details?id=com.cit.golf
  • https[:]//play[.]google[.]com/store/apps/details?id=com.cit.clio
  • https[:]//play[.]google[.]com/store/apps/details?id=com.cit.gam
  • https[:]//play[.]google[.]com/store/apps/details?id=com.cit.cooper
  • https[:]//play[.]google[.]com/store/apps/details?id=com.cit.lancerevo
  • https[:]//play[.]google[.]com/store/apps/details?id=com.cit.hummer&hl=en
Share Your Views - post Your Comments Below

DT encourage Readers to go for verification process for security reasons.

Max Characters 1000.

We request you not to post comments that are obscene, libellous, slanderous or in flammatory, and do not indulge in personal attacks, name calling or inciting hatred against any community. Any offensive comments will not be published and will be forwarded to cyber crime department.

Posted Comments
There are no comments yet.