This work proposes efficient methods for the detection of malicious crowdsourcing workers using only privacy-aware group queries. In the proposed system, the crowdsourcing platform first issues a series of standard tasks to the workers, and allows users (i.e., data owners) to access aggregate responses from the workers through group queries that can be described by sparse encoding vectors. The identities of workers associated with individual responses are not explicitly revealed. By exploiting the sparse nature of the encoding vectors, we first propose an approximate maximum a posteriori probability (Approx. MAP) detector to perform the detection. Then, to further reduce computational complexity, we devise a generalized likelihood ratio test (GLRT) where probable malicious workers are first identified before a simple hypothesis test is performed. The identification of malicious workers is performed by a low-complexity probability-based rule that exploits a certain sparse structure inherent in the crowd data as well as the associated statistical assumptions. Computer simulations show that the proposed methods outperform the conventional energy detector.