SecurityWeek

Malware & Threats

Scammers Pushing Fake Flash Player onto Android Devices

Many users are downloading fake versions of Flash Player for Android onto their mobile devices, according to GFI Labs.

As of last week, Flash Player for Android is no longer available from the Google Play marketplace, and scammers are filling the gap with fake versions of the software, Jovi Umawing, a researcher with GFI Labs, wrote on the company blog today. The fake version of Flash Player discovered by GFI Labs also comes with an SMS Trojan inside.

Adobe said Aug. 15 was the last day Flash Player would be available on Google Play, as the company was shifting its focus to AIR, a runtime environment which would allow Flash apps to run on mobile devices natively. Ever since Flash was removed from official sources, GFI Labs researchers have observed eight sites using Adobe’s logos and icons and offering a fake version of Flash Player.

“It’s possible that some Android users have missed that deadline, so they venture onto other parts of the Internet in search of alternative download sites,” Umawing wrote.

The fake players on all eight sites have different names, but are actually the same variant of the OpFake Trojan, Umawing said. The names include flash_player_android_v1.1_installer, flash_player_11, flash_player_android_installer, and Adobe_Flashplayer_apk_install. This particular OpFake variant is regularly repackaged into other applications and distributed to new download servers every two or three days, Umawing said.

Another English app marketplace is hosting an adobeflashinstaller.apk which is bundled with adware from a mobile ad network called AirPush, Umawing said. As soon as the user installs the app, it loads a screen where users can download more apps, and another page providing instructions on how to get the fake Flash Player.

“Inexperienced smartphone owners would happily follow the step-by-step guide, not knowing that they’re actually rooting their smartphone devices,” Umawing wrote.

Afterwards, the app downloads another APK file, which happens to be a hacked version of Adobe’s Flash Player. The app isn’t necessarily malicious, but since it’s no longer authorized by Adobe, it’s dangerous to have on the mobile device as the scammers can update it to cause other problems down the road, according to the post.

The app drops shortcut files, which lead to even more advertisements, and sends pop-up ads to the phone’s status bar every 15 minutes. It can also read and send phonebook contacts back to the ad network’s advertisers.

“You may come across other websites claiming to host the latest version of Flash Player. In that case, better to steer clear from them and download only from Google Play,” Umawing suggested.
