Android users now have to worry about a new malicious application that mimics the Adobe Flash Player application and opens the device up to other dangerous malware. This malicious app was first detected by computer security firm ESET and has been classified as a Trojan. Apparently, the application tricks users into granting special permissions and then uses these permissions to execute additional malware.
Based on analysis conducted by a number of industry stakeholders, the Trojan appears to target Android devices, including those running the latest versions. The Trojan is propagated via various compromised websites, including social media hubs and adult sites. Pretending to implement safety measures, the sites lure unsuspecting Android users into downloading a fake Adobe Flash Player update. Once the user falls for the legitimate-looking Adobe Flash Player update and runs the installation, they unlock a series of more deceptive screens.
The next fake screen shows a successful installation, but also claims that there’s excessive consumption of energy. Since the normal battery saving measures supposedly aren’t working, the user is asked to turn on a toggle to manually enable ‘Battery Saving’ mode. This done, the Trojan will then ask the user for permission to ‘Monitor your actions’, ‘Turn on Explore to Touch’ and ‘Retrieve window content’. The purpose of all these permission requests is to open the way for future malware by mimicking the user’s clicks.
Once everything is enabled, the fake Adobe Flash then disappears from the screen. However, it’s busy contacting a server in the background and furnishing it with information regarding the compromised phone. The server then sends back a URL leading to a malicious app selected by the hacker. Already, we have seen banking malware, ransomware, and some spyware. Once the device receives the malicious URL, the phone will display a fake lock screen with no option to disable it, thus covering up the malicious activity ongoing beneath it.
Check if your device is compromised
To check whether your Android device is compromised, navigate to your Accessibility Menu under settings. If you find a ‘Saving Battery’ option there, then your device may very well be compromised.
To remove this malicious Trojan app, go to Settings>Application Manager>Flash-Player and manually uninstall it. If you aren’t able to remove the app this way, simply navigate to Settings>Security>Flash-Player, disable administrator rights, and then uninstall the app.
To make sure that your device hasn’t been infected with a horde of other malicious apps, simply use a reputable antivirus app to scan it. To stay safe moving forward, make sure to avoid untrustworthy websites.
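The Accessibility check described above can also be run from a computer over adb. The script below is an added example, not part of the original article: it lists enabled accessibility services that belong to user-installed packages so each one can be reviewed by hand. It assumes USB debugging is enabled; the function names and the sample package names are constructed.

```shell
#!/bin/sh
# Added example: report enabled accessibility services owned by
# user-installed (third-party) packages, for manual review.

# $1: value of `settings get secure enabled_accessibility_services`
#     (colon-separated "package/ServiceClass" entries, "null" or empty)
# $2: output of `pm list packages -3` (one "package:<name>" per line)
third_party_a11y_services() {
    # Older adb versions append carriage returns; strip them first.
    a11y=$(printf '%s' "$1" | tr -d '\r')
    pkgs=$(printf '%s\n' "$2" | tr -d '\r')
    case "$a11y" in ''|null) return 0 ;; esac
    printf '%s\n' "$a11y" | tr ':' '\n' | while IFS= read -r component; do
        [ -n "$component" ] || continue
        pkg=${component%%/*}
        # Whole-line fixed-string match, so a name that is only a
        # prefix of an installed package is not reported.
        if printf '%s\n' "$pkgs" | grep -Fqx "package:$pkg"; then
            printf '%s\n' "$component"
        fi
    done
}

# Query an attached device. A service listed here is not proof of
# infection, only an entry the user should recognise.
scan_device() {
    dev_a11y=$(adb shell settings get secure enabled_accessibility_services)
    dev_pkgs=$(adb shell pm list packages -3)
    third_party_a11y_services "$dev_a11y" "$dev_pkgs"
}

if [ "${1:-}" = "--device" ]; then
    scan_device
else
    # Constructed sample values, not taken from a real device.
    third_party_a11y_services \
        'com.example.vendor.reader/.ReaderService:com.example.flashupdate/.SaverService' \
        'package:com.example.flashupdate'
fi
```

Run it with `--device` to query the attached phone; without arguments it runs on the constructed sample only.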