A new Android Trojan dupes victims with a malicious fake Flash security update. Once launched, it can repeatedly download other malware of its choice to surreptitiously infect the device.
The malicious app, which imitates Adobe Flash Player, tricks users into believing that their app requires a safety update. The fake update screen looks pretty authentic too. This malware targets even the latest Android operating system versions, and the perpetrators spread this Trojan through social media and adult websites.
Once the user downloads the malicious app, it asks the victim to grant special permissions. These permissions are then used to download further malicious apps in the background.
When the user runs the purported “update”, another fake popup appears on the screen. This popup, which carries an Android logo, warns the user that “TOO MUCH CONSUMPTION OF ENERGY” is taking place and that “Saving Battery” needs to be turned ON. If the victim turns it ON, the fake “Saving Battery” app requests permission to “Monitor Your Actions”, “Retrieve window content” and “Turn on Explore by Touch”. These are pretty sensitive permissions that users must be wary of.
Now the fake Flash Player icon hides from the main screen and the malware contacts its Command & Control (C&C) server. Information about the device and the apps on it is sent to the server. The C&C server then sends the infected device a link to a malicious application. The malicious application, which could be ransomware, spyware or any other type of malware, gets downloaded onto the device. The device also displays a bogus lock screen which cannot be closed.
The malware makes effective use of the special permissions that it has been granted. The permissions allow it to grant administrative rights to all the malicious apps that it downloads. The lock screen disappears after the other malware has been installed. The device now appears to act normally to the user. If spyware was installed, it could steal information being transferred through the device, and the victim will probably not suspect that the device contains malware.
Users who suspect that they may have installed the fake Flash Player update can confirm whether their device has been infected by searching for ‘Saving Battery’ under Services. If this service exists, try to manually uninstall the app. If that is not possible, deactivate the administrator rights first and then try to uninstall the app.
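The same check can be scripted over adb. The following is an added example, not code from the original article: it generalizes the ‘Saving Battery’ lookup to list every enabled accessibility service that is not on an expected list, treating the permissions quoted above as the accessibility-service grant. The function name, the allowlist and the sample value are assumptions, and `com.example.savingbattery` is a placeholder package name.

```shell
#!/bin/sh
# Audit enabled accessibility services against an allowlist.
# $1: colon-separated "package/service-class" components, the format returned by
#       adb shell settings get secure enabled_accessibility_services
# $2: space-separated packages the device owner expects to see (assumption).
# Prints one line per enabled service whose package is not on the allowlist.
unexpected_a11y_services() (
    enabled=$1
    allowed=$2
    # The setting is empty or the literal "null" when no service is enabled.
    case "$enabled" in ''|null) exit 0 ;; esac
    set -f      # no filename globbing on the split words
    IFS=:       # components are separated by ':' (local to this subshell)
    for comp in $enabled; do
        pkg=${comp%%/*}             # package is the part before the first '/'
        [ -n "$pkg" ] || continue
        case " $allowed " in
            *" $pkg "*) ;;                      # expected service, ignore
            *) printf '%s\n' "$comp" ;;         # unexpected, report it
        esac
    done
)

# Constructed sample value, not taken from a real device.
SAMPLE='com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:com.example.savingbattery/.BatteryService'
ALLOWED='com.google.android.marvin.talkback'

unexpected_a11y_services "$SAMPLE" "$ALLOWED"

# Against a connected device (strip the carriage return some adb builds add):
#   unexpected_a11y_services \
#     "$(adb shell settings get secure enabled_accessibility_services | tr -d '\r')" \
#     "$ALLOWED"
```

Any component it prints is worth reviewing on the device's accessibility settings screen before following the uninstall steps above.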
Mobile device users must take certain other precautions, such as downloading apps only from the appropriate authorized play stores or directly from the application’s authentic website. Further, users must be wary of the permissions that an app asks for during installation. Refrain from installing apps that ask for special permissions that may not be appropriate for them.