Android users now have to worry about a new malicious application that mimics the Adobe Flash Player application, and opens up the device to many dangerous malwares. This malicious app was first detected by computer security firm ESET and has been classified as a Trojan. Apparently, the application tricks users into granting special permissions and then uses these permissions to execute additional malware.Based on analysis conducted by a number of industry stakeholders, the Trojan appears to target Android devices, including those running the latest versions. The Trojan is propagated via various compromised websites including social media hubs and adult sites. Pretending to implement safety measures, the sites lure unsuspecting Android users to download a fake version of Adobe Flash Player update. Once the user falls for the legitimate-looking Adobe Flash Player update, and consequently runs the installation, they unlock a series of more deceptive screens.The next fake screen shows successful installation, but also claims that there’s excessive consumption of energy. And since the normal battery saving measure aren’t working, the user is asked to turn on a toggle to manually turn on ‘Battery Saving’ mode. This done, the Trojan will then request the user for permission to ‘Monitor your actions’, ‘Turn on Explore to Touch’ and ‘Retrieve window content’. The purpose of all these permission requests is to open the way for future malware by mimicking the user’s clicks.Once everything is enabled, the fake Adobe Flash then disappears from the screen. However, it’s busy contacting a server in the background, and furnishing it with information regarding the compromised phone. The server then sends back URL leading to malicious app selected by the hacker. Already, we have seen a banking malware, ransomware, and some spyware. Once the device receives the malicious URL, the phone will then display a fake lock screen but with no option to disable it, thus covering up for the malicious activity ongoing beneath it.

Check if your device is compromised

To check whether your Android device is compromised, navigate to your Accessibility Menu under settings. If you find a ‘Saving Battery’ option right then, then your device may very well be compromised.To remove this malicious Trojan app, go to Settings>Application Manager>Flash-Player and manually uninstall it. If you aren’t able to remove the app this way, simply navigate to Settings>Security>Flash-Player and disable administrator rights then uninstall the app.To make sure that your device hasn’t been infected with a horde of other malicious app, simply use a reputable antivirus app to scan it. To stay safe moving forward, make sure to avoid untrustworthy websites.
Image Source: McAfee

View Comments

What's my model number?

There are several ways to locate your model number:

Option 1
On your device, go to Settings, then "About device" and scroll down to "Model number"
Option 2
Often times you can view the model number inside the device, by removing the battery
Option 3
Using Samsung's model/serial number location tool

Looks like you're using an ad blocker.

We get it: ads aren't what you're here for...

But ad revenue is our only way to manage this site. Without ad revenue we won't be able to continue to provide quality content and free firmware downloads.

Please disable your ad blocker or whitelist in order to continue into Updato's ad-light experience.

Thanks for your support!