14 DAY TRIAL // Security experts warn Android users to be on the lookout for fake Adobe Flash Player installers, since they’ve been found to carry all sorts of malicious elements.
Starting with August 15, only Android users who already have Flash Player installed on their devices will have access to updates. Those who don’t have it can’t download it anymore, at least not from Google Play or other legitimate sources. Adobe wants to contribute to HTML 5 by focusing its efforts on PC browsing and mobile apps.
Cybercriminals are counting on this, hoping that some users will try to get Flash Player from other websites.
So, while files such as flash_player_android_v.11_installer.apk and adobeflashplayer_11_153_installer.apk appear to be legitimate Flash Player installers for Android, in actuality, it depends very much on where they’re taken from.
A number of such files are being served on third-party Android app markets (mainly from Russia), but they’re not legitimate at all. They have been found to hide mobile malware and adware.
GFI researchers report that the names of the files vary, but they all contain a variant of the old OpFake Trojan, identified as Trojan.AndroidOS.Generic.A.
However, not only Russian app stores serve shady Flash Players. A website that addresses English speakers has been found to host files that are bundled with a piece of adware from AirPush.
Once installed, the application instructs the user on how to root his/her phone. Then, a forum post is displayed, containing a link to a hacked version of Flash Player. Experts warn that such apps could allow cybercriminals to hack into the device.
The adware – Adware.AndroidOS.AirPush.A – is capable of creating shortcuts which lead to advertisement websites, changing the homepage, push pop-up ads every few minutes, and even read the victim’s contact data. The contact details are used to send advertisements to all the individuals in the phonebook.
This isn’t the first time when AirPush is associated with rogue Android applications. Back in May, Trend Micro experts identified 10 such apps.