Cybercriminals take advantage of Android Flash Player gap on Google Play

Cybercriminals are trying to capitalize on Adobe’s decision to stop distributing Android Flash Player to new users via Google Play by creating malware and adware apps that masquerade as Flash Player installers.

Since Aug. 15, Android users who didn’t already have Flash Player installed on their devices could no longer obtain it from Google Play.

This is the result of Adobe’s decision to phase out Android Flash Player in favor of Adobe AIR, a cross-platform runtime environment that enables developers to package native apps for different mobile platforms and devices.

“Of course, it’s possible that some Android users have missed that deadline, so they venture on to other parts of the Internet in search of alternative download sites,” Jovi Umawing, a communications and research analyst at GFI Software, said Wednesday in a blog post.

This is precisely what cybercriminals are counting on, as GFI’s security researchers have already identified multiple SMS Trojan apps packaged as Flash Player for Android.

Most of these apps are distributed from third-party Russian app stores and websites. However, the company’s researchers have also come across an English-language scam that tried to pass an adware app as Android Flash Player.

This particular piece of adware creates shortcut files on the home screen that lead to advertisements, displays ads via Android’s notification bar every 15 minutes and sends information about the user’s contacts to advertisers, Umawing said.

The rogue adware installer also downloads and installs a modified version of Flash Player from XDA-Developers, a legitimate online community of mobile developers.

“While [the modified Flash Player] is not malicious in itself, Adobe does not support it — worse, it could cause some problems to the device,” Umawing said. “With a rooted device, future updates of this hacked app may grant or install new permissions users are not aware of.”

Researchers from security vendor Webroot have also noticed the wave of rogue apps masquerading as Android Flash Player that appeared on the Internet after Adobe decided to stop distributing the software through Google Play.

The fake Flash Player installers detected by Webroot’s researchers consist of the same type of premium-rate SMS sending Trojan apps and adware that GFI’s researchers observed.

For example, one particular app claiming to be Android Flash Player only installs a Flash Player icon that opens a page full of advertisements in the browser when clicked, Webroot security researcher Joe McManus said in a blog post on Thursday.

“These types of apps are annoying and really are meant to drive web traffic to sites so the developer can receive pay-per-click revenue, and in this case they deceive the customer into thinking they’re getting a known productive app,” McManus said.

Users who missed Adobe’s deadline and still want to install Android Flash Player don’t need to go looking for it on third-party app stores and other websites that they don’t trust.

The latest version of the software is still available in Adobe’s official Flash Player archive and can be downloaded from there. However, users who install it this way will not automatically receive future updates for critical bugs that Adobe will release via Google Play to existing users.