Security Experts:

Scammers Pushing Fake Flash Player onto Android Devices

Many users are downloading the fake versions of Flash Player for Android on their mobile devices, according to GFI Labs

As of last week, Flash Player for Android is no longer available from Google Play marketplace, and scammers are filling the gap with fake versions of the software, Jovi Umwaing, a researcher with GFI Labs, wrote on the company blog today. The fake version of Fake Player discovered by GFI Labs also comes with an SMS Trojan inside.

Adobe said Aug. 15 was the last day Flash Player would be available on Google Play, as the company was shifting its focus to AIR, a runtime environment which would allow Flash apps to run on mobile devices natively. Ever since Flash was removed from official sources, GFI Labs reserachers have observed eight sites using Adobe's logos and icons and offering a fake version of Flash Player.

"It's possible that some Android users have missed that deadline, so they venture onto other parts of the Internet in search of alternative download sites," Umawing wrote.

The fake player on all eight sites have different names, but are actually the same variant of the OpFake Trojan, Umawing said. The names include flash_player_android_v1.1_installer, flash_player_11, flash_player_android_installer, and Adobe_Flashplayer_apk_install. This particular OpFake variant is regularly repackaged into other applications and distributed to new download servers every two or three days, Umawing said.

Another English app marketplace is hosting an adobeflashinstaller.apk which is bundled with adware from a mobile ad network called AirPush, Umawing said. As soon as the user installs the app, it loads a screen where users can download more apps, and another page providing instruction on how to get the fake Flash Player.

"Inexperienced smartphone owners would happily follow the step-by-step guide, not knowing that they're actually rooting their smartphone devices," Umawing wrote.

Afterwards, the app downloads another APK file, which happens to be a hacked version of Adobe's Flash Player. The app isn't necessarily malicious, but since it's no longer authorized by Adobe, it's dangerous to have on the mobile device as the scammers can update it to cause other problems down the road, according to the post.

The app drops shortcut files, which leads to even more advertisements, and sends pop-up ads to the phone's status bar every 15 minutes. It can also read and send phonebook contacts back to the ad network's advertisers.

"You may come across other websites claiming to host the latest version of Flash Player. In that case, better to steer clear from them and download only from Google Play," Umawing suggested.

Subscribe to the SecurityWeek Email Briefing
view counter
Fahmida Y. Rashid is a Senior Contributing Writer for SecurityWeek. She has experience writing and reviewing security, core Internet infrastructure, open source, networking, and storage. Before setting out her journalism shingle, she spent nine years as a help-desk technician, software and Web application developer, network administrator, and technology consultant.
view counter