Security Experts:

Connect with us

Hi, what are you looking for?


Malware & Threats

Scammers Pushing Fake Flash Player onto Android Devices

Many users are downloading the fake versions of Flash Player for Android on their mobile devices, according to GFI Labs

Many users are downloading the fake versions of Flash Player for Android on their mobile devices, according to GFI Labs

As of last week, Flash Player for Android is no longer available from Google Play marketplace, and scammers are filling the gap with fake versions of the software, Jovi Umwaing, a researcher with GFI Labs, wrote on the company blog today. The fake version of Fake Player discovered by GFI Labs also comes with an SMS Trojan inside.

Adobe said Aug. 15 was the last day Flash Player would be available on Google Play, as the company was shifting its focus to AIR, a runtime environment which would allow Flash apps to run on mobile devices natively. Ever since Flash was removed from official sources, GFI Labs reserachers have observed eight sites using Adobe’s logos and icons and offering a fake version of Flash Player.

“It’s possible that some Android users have missed that deadline, so they venture onto other parts of the Internet in search of alternative download sites,” Umawing wrote.

The fake player on all eight sites have different names, but are actually the same variant of the OpFake Trojan, Umawing said. The names include flash_player_android_v1.1_installer, flash_player_11, flash_player_android_installer, and Adobe_Flashplayer_apk_install. This particular OpFake variant is regularly repackaged into other applications and distributed to new download servers every two or three days, Umawing said.

Another English app marketplace is hosting an adobeflashinstaller.apk which is bundled with adware from a mobile ad network called AirPush, Umawing said. As soon as the user installs the app, it loads a screen where users can download more apps, and another page providing instruction on how to get the fake Flash Player.

“Inexperienced smartphone owners would happily follow the step-by-step guide, not knowing that they’re actually rooting their smartphone devices,” Umawing wrote.

Afterwards, the app downloads another APK file, which happens to be a hacked version of Adobe’s Flash Player. The app isn’t necessarily malicious, but since it’s no longer authorized by Adobe, it’s dangerous to have on the mobile device as the scammers can update it to cause other problems down the road, according to the post.

The app drops shortcut files, which leads to even more advertisements, and sends pop-up ads to the phone’s status bar every 15 minutes. It can also read and send phonebook contacts back to the ad network’s advertisers.

“You may come across other websites claiming to host the latest version of Flash Player. In that case, better to steer clear from them and download only from Google Play,” Umawing suggested.

Written By

Click to comment

Expert Insights

Related Content

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.


CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.


Chinese threat actor DragonSpark has been using the SparkRAT open source backdoor in attacks targeting East Asian organizations.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Russia-linked cyberespionage group APT29 has been observed using embassy-themed lures and the GraphicalNeutrino malware in recent attacks.

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Malware & Threats

Cybercrime in 2017 was a tumultuous year "full of twists and turns", with new (but old) infection methods, a major return to social engineering,...

Malware & Threats

Security researchers are warning of a new wave of malicious NPM and PyPI packages designed to steal user information and download additional payloads.