Sometimes an app needs to execute native code, it can be an image processing library, a game engine or whatever. In such case, those ELF libraries will be found inside the libs folder, divided into architecture specific subfolders ( so the app will run on ARM, ARM64, x86, etc ).
I don't know what "fake" means in this analysis but I believe that seeing "fake-libs/libs64" is not enough to say malware.
Kaspersky confirms this so don't worry.