Scammers have already begun to take advantage of Adobe’s recent
decision to remove its Flash Player from Android’s Google Play
marketplace. Last week's removal has prompted scammers to start
promoting fake versions of the software to unsuspecting smartphone
owners. While researching the scamware, security firm GFI Labs uncovered
a separate fake version of the Flash Player that's not only bogus but
an SMS Trojan that comes bundled with adware.
According to a post on the company’s blog,
the app named 'adobeflashinstaller.apk' comes replete with adware from
the mobile ad network AirPush. Once installed, the app tricks users into
following a series of steps to root their phone before downloading
another .APK file. This file, hosted on a XDA-Developers forum post, is a
hacked version of Adobe’s Flash Player app. While the app isn’t
necessarily malicious, it’s not authorized by the company, meaning it’s
possible the app could grant or install permissions without the users’
knowledge further down the line.
Meanwhile, the app’s adware leads
to the installation of advertisements on the phone. If the user tries
to deletes them, the adware will simply add more of them. The adware
also will change the users’ home page; send pop-up ads to the phone’s
status bar every fifteen minutes and even read and send the users’
phonebook contacts to advertisers.
Adobe ceased development on
Flash Player for Android on August 15 after announcing it was shifting
its focus to AIR, a runtime environment that allows apps that utilize
Flash to run on devices natively. Adobe added that the current version
of Flash Player as it stands may exhibit “unpredictable behavior” when the next version of Android, Jelly Bean, is further rolled out.
Courtesy by Christopher Brook
No comments:
Post a Comment