Victims asked to transfer money via PayPal to install Flash Player

Aug 16, 2014 12:43 GMT  ·  By

An older scam consisting in asking Android users for money in exchange for the installation of Flash Player on the mobile device keeps popping up on Google Play.

It seems that this type of deceit has been going on for a long time, since security researchers at McAfee say that they spotted the malicious file in Google’s market place since the end of 2013, identifying it as Android/Fladstep.B.

According to the researchers, the fake app tries to make users to pay some money via PayPal in order to have Flash Player on their devices so that they can access content that requires it.

Daisuke Nakajima, mobile malware researcher at McAfee, says as soon as launched the malicious app launches a web page informing that Android needs a version of Flash Player and requesting €5 / $6.70 for adding it to the device.

Researchers say that in some cases, the web page requesting the payment is hosted on a web server located in Turkey; however, they have also found it hosted on machines in the United States.

“If the user pays the fee with the PayPal account, the web page shows a download link to Flash Player that is the legitimate URL of Adobe’s download site,” says Nakajima in a blog post.

To increase the success of the scam, the crooks provide information that the app installed through their service can automatically detect the Flash Player version that is required by the Android version running on the victim’s device.

Also, it is claimed that the payment is not just for the installer, since a tutorial file is also provided to the buyer. According to the researcher, the tutorial bait is shown in the images on the malicious app’s page.

Apart from getting the money for installing Flash, the scammers also collect the name and the email address of the victim, through the PayPal transaction.

This allows the cybercrooks to target them in future malicious campaigns, not necessarily for paying for Android apps, but spam or phishing.

“Flash Player will continue to benefit malware authors due to its popularity. And this type of scam will continue because criminals can easily and directly get money from their victims using popular online payment services,” says Nakajima.

Cybercriminals have tried multiple times to take advantage of less technical users and rip them off. Even if the malicious apps are pulled quite fast, they still manage to make tens of thousands of downloads; moreover, they resurface under a different name and developer account.

Adobe removed support for Flash on Android, but there are still some archives available online that work with older versions of the operating systems, IceCream Sandwich in the context of this scam.

Photo Gallery (3 Images)

Flash player installer app
Web page requesting payment for installing FlashFlash Player downloaded from Adobe
Open gallery