Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

Scammers Pushing Fake Flash Player onto Android Devices

Many users are downloading the fake versions of Flash Player for Android on their mobile devices, according to GFI Labs

Many users are downloading the fake versions of Flash Player for Android on their mobile devices, according to GFI Labs

As of last week, Flash Player for Android is no longer available from Google Play marketplace, and scammers are filling the gap with fake versions of the software, Jovi Umwaing, a researcher with GFI Labs, wrote on the company blog today. The fake version of Fake Player discovered by GFI Labs also comes with an SMS Trojan inside.

Adobe said Aug. 15 was the last day Flash Player would be available on Google Play, as the company was shifting its focus to AIR, a runtime environment which would allow Flash apps to run on mobile devices natively. Ever since Flash was removed from official sources, GFI Labs reserachers have observed eight sites using Adobe’s logos and icons and offering a fake version of Flash Player.

“It’s possible that some Android users have missed that deadline, so they venture onto other parts of the Internet in search of alternative download sites,” Umawing wrote.

The fake player on all eight sites have different names, but are actually the same variant of the OpFake Trojan, Umawing said. The names include flash_player_android_v1.1_installer, flash_player_11, flash_player_android_installer, and Adobe_Flashplayer_apk_install. This particular OpFake variant is regularly repackaged into other applications and distributed to new download servers every two or three days, Umawing said.

Another English app marketplace is hosting an adobeflashinstaller.apk which is bundled with adware from a mobile ad network called AirPush, Umawing said. As soon as the user installs the app, it loads a screen where users can download more apps, and another page providing instruction on how to get the fake Flash Player.

“Inexperienced smartphone owners would happily follow the step-by-step guide, not knowing that they’re actually rooting their smartphone devices,” Umawing wrote.

Afterwards, the app downloads another APK file, which happens to be a hacked version of Adobe’s Flash Player. The app isn’t necessarily malicious, but since it’s no longer authorized by Adobe, it’s dangerous to have on the mobile device as the scammers can update it to cause other problems down the road, according to the post.

Advertisement. Scroll to continue reading.

The app drops shortcut files, which leads to even more advertisements, and sends pop-up ads to the phone’s status bar every 15 minutes. It can also read and send phonebook contacts back to the ad network’s advertisers.

“You may come across other websites claiming to host the latest version of Flash Player. In that case, better to steer clear from them and download only from Google Play,” Umawing suggested.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how the LOtL threat landscape has evolved, why traditional endpoint hardening methods fall short, and how adaptive, user-aware approaches can reduce risk.

Watch Now

Join the summit to explore critical threats to public cloud infrastructure, APIs, and identity systems through discussions, case studies, and insights into emerging technologies like AI and LLMs.

Register

People on the Move

Jason Hogg has been named Executive Chairman of CYPFER.

HUB Cyber Security has appointed former PayPal and American Express executive Paul Parisi as its Global Chief Revenue Officer.

Cloud security startup Upwind has appointed Rinki Sethi as Chief Security Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.