Wednesday, August 22, 2012

Cybercriminals Pushing Fake Flash Player for Android

Are you looking to download Flash Player for Android? Click carefully or else you may wind up downloading malware instead.

According to researchers at GFI Labs, websites pushing malware posing as Adobe Flash Player for Android have been popping up everywhere as cybercriminals attempt to capitalize on Adobe’s decision to halt development on the mobile version of Flash Player and Google’s subsequent decision to pull the plug-in from the Play store.

A large number of the malicious sites are in Russian and they all offer the same variant of the OpFake Trojan. However, GFI Labs did find an English site hosting a fake Flash Player file called adobeflashinstaller.apk, which is bundled with adware from mobile ad network AirPush.

Once the phony app is installed, the adware is activated and users are presented with a screen that allows them to download additional apps bundled with it. From there, the app loads a Home page with what appear to be instructions on how to get the fake Flash Player, but which are actually instructions on how to root your phone! (Rooting your phone is not necessary to install the legitimate Flash Player.)

After that is all said and done, the bogus app connects to a forum post on XDA-Developers to download a hacked version of the actual Flash Player app. Although the hacked version may not be malicious in itself, it still poses a threat, as it is not supported by Adobe and future updates of the app may grant or install new permissions unbeknownst to the end-user.

In addition to offering plenty of other junk apps and tricking users into rooting their phone, the adware strives to be a nuisance by:

  • Changing the user’s home page

  • Dropping shortcut files on the device that lead to advertisements, and replacing them if they are deleted by the user.

  • Sending pop-up ads to the phone’s notification bar every 15 minutes.

  • Sending all contacts stored in the device’s phonebook to advertisers.

  • Starting automatically whenever the device is turned on or restarted. The only way to stop it is to hit the ‘Force Stop’ option in the Settings panel.
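A triage check for the behaviours listed above, as an added example that is not from GFI Labs or the original post: it parses `aapt dump badging` output for a downloaded APK and flags the permissions those behaviours depend on, plus a package name that does not match the app it claims to be. The permission mapping, the expected package name `com.adobe.flashplayer`, and the sample output are assumptions or constructed for illustration.

```python
import re

# Assumed mapping (not from the article): permissions an Android app has to
# declare before it can perform the behaviours the article lists.
BEHAVIOUR_PERMISSIONS = {
    "android.permission.READ_CONTACTS":
        "can read the phonebook (contacts sent to advertisers)",
    "android.permission.RECEIVE_BOOT_COMPLETED":
        "can start automatically when the device boots",
    "com.android.launcher.permission.INSTALL_SHORTCUT":
        "can drop shortcuts on the home screen",
}

# aapt prints permissions in two styles depending on its version:
#   uses-permission:'X'   and   uses-permission: name='X'
PERM_RE = re.compile(r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=)?'([^']+)'", re.M)
PKG_RE = re.compile(r"^package:\s*name='([^']+)'", re.M)

def triage(badging_text, claimed_package):
    """Return the package name, whether it differs from the claimed app,
    and which of the listed adware behaviours the manifest would permit."""
    match = PKG_RE.search(badging_text)
    package = match.group(1) if match else None
    declared = set(PERM_RE.findall(badging_text))
    findings = [why for perm, why in BEHAVIOUR_PERMISSIONS.items()
                if perm in declared]
    return {"package": package,
            "package_mismatch": package != claimed_package,
            "findings": findings}

# Constructed sample of `aapt dump badging` output (not a real capture).
SAMPLE = """\
package: name='com.example.flashinstaller' versionCode='1' versionName='1.0'
uses-permission:'android.permission.INTERNET'
uses-permission:'android.permission.READ_CONTACTS'
uses-permission: name='android.permission.RECEIVE_BOOT_COMPLETED'
uses-permission:'com.android.launcher.permission.INSTALL_SHORTCUT'
application-label:'Flash Player'
"""

if __name__ == "__main__":
    # com.adobe.flashplayer: package name assumed for the genuine Adobe app.
    report = triage(SAMPLE, "com.adobe.flashplayer")
    print("package:", report["package"],
          "(mismatch)" if report["package_mismatch"] else "")
    for why in report["findings"]:
        print(" -", why)
```

A declared permission only shows what the app is allowed to do, so treat a hit as a reason to inspect the APK further rather than as a verdict.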


GFI Labs detects the OpFake variant as Trojan.AndroidOS.Generic.A and the adware bundled with it as Adware.AndroidOS.AirPush.A.
