Malware peddlers are taking advantage of the fact that Adobe has pulled its Flash Player app from Google Play and decided to concentrate on PC browsing and mobile apps bundled with Adobe AIR, and have begun offering Android malware disguised as the aforementioned legitimate software.
Banking on the likelihood that not many users have hears about that decision and are searching for Flash Player on official and unofficial online Android markets, Russian scammers have decided to set up a number of websites offering the bogus app.
“As of this writing, we’ve seen eight sites using Adobe’s logos and icons—all are linking to the same variant of OpFake Trojan disguised as the legit Flash Player for Android. All the Russian sites used different file names for their .APK files but they’re the same malicious variant,” say GFI researchers.
They even found one site in English offering Flash Player for Android, but the .apk file in question is bundled with adware that attempts to download other adware, and in the end offer instructions on how to get the fake Flash Player.
Unfortunately, those instructions actually make the unsuspecting users root their own devices, and then download a hacked version of the actual Flash Player app.
“While it is not malicious in itself, Adobe does not support it—worse, it could cause some problems to the device. With a rooted device, future updates of this hacked app may grant or install new permissions users are not aware of,” the researchers point out.