With Adobe no longer developing Flash player apps for Google's Android platform, scammers are exploiting the situation to spread malware disguised as Flash apps, a security vendor warned Wednesday night.
GFI Labs said Russian scammers have set up websites to fool users into downloading fake Flash Player apps to their Android devices.
"As of this writing, we’ve seen eight sites using Adobe’s logos and icons—all are linking to the same variant of OpFake Trojan disguised as the legit Flash Player for Android. All the Russian sites used different file names for their .APK files but they’re the same malicious variant," it said in a blog post.
Last Aug. 15 was the last day Adobe allowed users to download and install Flash Player for their Android devices. It is focusing on Flash for the PC browser and mobile apps bundled with Adobe AIR.
GFI said the scammers may be exploiting some Android users who were not aware of Adobe's decision.
Also, GFI noted an English website that also hosts a fake Flash Player file named adobeflashinstaller.apk, which is bundled with adware from a company called AirPush.
It said the adware is activated upon installation of the app and loads a screen where users can download more apps bundled with this adware.
"The app then loads a Home page containing instructions on how to get the fake Flash Player. Inexperienced smartphone owners would happily follow the step-by-step guide, not knowing that they’re actually rooting their smartphone devices," it said.
Once installed, the app connects to a forum post on XDA-Developers, a popular development community for smartphones and tablets, to download another .APK file.
The downloaded file is a hacked version of the actual Flash Player app.
"With a rooted device, future updates of this hacked app may grant or install new permissions users are not aware of," GFI warned.
The malware can start automatically in the background once the device is turned on or restarted.
"The only way to terminate it from running in the background is by manually doing a Force Stop from the Settings panel," it said. — TJD, GMA News