Quick Heal Security Labs has found 2 fraudulent apps pretending to be Adobe Flash Player on the Google Play Store. Presently, no official apps of Adobe Flash Player are available on the Play Store. The rest of the post will tell you more.
Fake App #1. Plugin for Video Flash Player
About the app
Once installed, the Plugin for Video Flash Player app asks the user to change its settings depending on the Android version of the phone {fig 1 (a)}. If the settings are changed as asked, a link is shown to download the Adobe Flash Player {fig 1 (b)}. The link redirects the user to a web page that contains instructions on how to download the app. The web page also asks the user to pay 18 Euros (Rs. 1353.64/-) via PayPal to be able to download the Flash Player {fig 1 (c)}.
Our analysis
The app is fake and has been designed to steal money from unsuspecting users.
Current status
The app has been removed from the Play Store.
Fake App #2. Flash Player for Android
About the app
The Flash Player for Android app claims to help users download an Adobe Flash Player plugin for Android mobile phones. The app's description also mentions that it runs on an experimental technology and that some resources may not work.
Our analysis
The app is fake and does not download any plugin but throws a pop-up on the screen for downloading and installing a plugin. Hence, it only serves advertisements to the user to make money for the app developer.
Current status
The app is present on the Play Store and it has been downloaded between 1,000,000 – 5,000,000 times.
Third-party Fake App
Quick Heal Security Labs has found a similar app on a third-party app store that steals the user’s private information by pretending to be a Flash Player app.
About the app
As shown in Fig 3, this app looks genuine. Such apps are commonly hosted on third-party app stores or distributed on video streaming websites where the user gets a prompt to download an updated version of Flash Player.
Our analysis
1. When the app is downloaded, the user receives an “Activate Device Administrator” pop-up {Fig 3 (a)}. Selecting Cancel does not help as the message keeps popping up until the user selects Activate.
2. If the user selects Activate, the window disappears but the app keeps running in the background carrying out malicious tasks.
– It checks for new apps that have been installed or deleted from the device and specifically targets social and banking apps {fig 3 (b)}.
– It steals the user’s personal information and shares it with a C&C server controlled by the attacker {Fig 3 (c) & 3 (d)}.
– When a targeted app is opened by the user, the malware displays a fake online banking login page that looks genuine but is in reality a phishing attack {Fig 3 (e)}. Any information given on this page goes to the attacker.
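A defender-side triage of the behaviour listed above, as an added example that is not from Quick Heal's report: it scans a decoded AndroidManifest.xml for a Flash Player label, a Device Administrator receiver and package-change listeners. That the app watches installs and removals through manifest-declared broadcast receivers is an assumption, and the sample manifest with its package and class names is constructed.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
PKG_EVENTS = {"android.intent.action.PACKAGE_ADDED",
              "android.intent.action.PACKAGE_REMOVED"}

# Constructed sample: a decoded manifest shaped like the behaviour described
# above. Package and class names are hypothetical, not taken from the malware.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashupdate">
  <application android:label="Flash Player">
    <receiver android:name=".AdminRcv"
              android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
    <receiver android:name=".PkgWatch">
      <intent-filter>
        <action android:name="android.intent.action.PACKAGE_ADDED"/>
        <action android:name="android.intent.action.PACKAGE_REMOVED"/>
        <data android:scheme="package"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

def triage(manifest_xml):
    """Return findings for one decoded AndroidManifest.xml (untrusted input:
    parse real samples with a hardened parser such as defusedxml)."""
    root = ET.fromstring(manifest_xml)
    app = root.find("application")
    findings = []
    if app is None:
        return findings
    # A label given as a resource reference (@string/...) needs resolving first.
    if "flash player" in app.get(ANDROID + "label", "").lower():
        findings.append("label-claims-flash-player")
    for rcv in app.iter("receiver"):
        name = rcv.get(ANDROID + "name", "?")
        if rcv.get(ANDROID + "permission") == "android.permission.BIND_DEVICE_ADMIN":
            findings.append("device-admin-receiver:" + name)
        actions = {a.get(ANDROID + "name") for a in rcv.iter("action")}
        if actions & PKG_EVENTS:
            findings.append("package-change-listener:" + name)
    return findings

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE)))
```

Any single finding is common in legitimate apps; it is the three together, in an app presenting itself as Flash Player, that matches the pattern described here.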
Download the Technical Analysis Report from the PDF below
Steps to stay away from fake and malicious apps
ACKNOWLEDGMENT
– Subject Matter Expert
Anand Singh | Quick Heal Security Labs