Super Antivirus 2018, it isn’t super and it’s not an antivirus

SophosLabsAndroidfake antivirusGoogle PlayPUAsSophos Mobile

Though advertised as an antivirus program, Super Antivirus 2018 is no such thing

Our researchers have been investigating the growing number of untrustworthy programs hidden in apps on Google Play. Many of these fall into the category of Potentially Unwanted Applications, or PUAs. These are not outright malicious, but are generally deemed unsuitable for most business networks.

The apps may include features that people want, such as a device power optimizer or editing tool, but they also come bundled with others that leach off a phone or tablet’s processing power or push unwanted ads onto the screen.

The latest example of that is an app called Super Antivirus 2018, which is the focus of our new paper from SophosLabs, written by Android specialist Rowland Yu.

An antivirus-related smokescreen

Though advertised as an antivirus program, it is no such thing. The app was uploaded to Google Play in early October, and has since been downloaded up to 50,000 times. It claims to “detect 100% of viruses and malware through personalized scanning.” But when we analyzed the code, the claim proved less than accurate.

It has an online blocklist and even scans and detects nearly 500 apps. This gives it the appearance of doing legitimate security work, but it provides no effective protection for end users. What these functions do is provide a smokescreen to throw security researchers off track.

During the fake virus scan, Super Antivirus 2018 frequently displays a pop-up for another app called “Security Elite – Clean Virus, Antivirus, Booster.” And from within this new app you can expect to see more pop-up adverts.

These deceptive promotions and pop-ups violate the Google Play Developer App Promotion Policy:

We don’t allow apps that directly or indirectly engage in or benefit from promotion practices that are deceptive or harmful to users or the developer ecosystem.

Super Antivirus 2018 misbehaves in the following ways:

  • It doesn’t provide a proper malware removal feature
  • It may mislead users into believing there is a virus on their Android device
  • It entices users to download another malware removal tool.

Sophos protections and tips

Because of its characteristics, along with the breached Google developer policy, we protect Sophos users against it, detecting it as Andr/FakeAV-B.

To keep your device safe from these and other malicious Android apps download our free Sophos Mobile Security for Android. For more on Super Antivirus 2018, read our paper Super Antivirus 2018: A shady app many are downloading on Google Play.

1 Comment

False anti-virus is a major problem on all operating systems.

The majority with whom I had to deal created a problem that did not exist in the system and to “solve” it was necessary to buy the license.

I just wondered as there is a little more filtering for this kind of application to appear in the official Google App Store.

Big hug and congratulations on the operation of Sophos, it’s great and I tell all my friends and clients.

Reply

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s