NEWS FROM THE LAB - Thursday, February 20, 2014

Android Malware Charges For Flash Player Posted by Sean @ 15:28 GMT

Fake (malicious) Flash Player apps for Android are nothing new. It's very typical bait.

But recently, we came across a "Flash Installer" whose audacity is off the scale.

The so-called installers are dropped by other Android malware and look like this:

So-called Flash Player installers
(SHA1: 1398b8369e16a632dae67f3382bc7bcea748749a)

When the app is opened, the user is prompted to pay five bucks!

Instant Download PayPal

And what do you get if you pay? A download link for Adobe Flash Player at adobe.com! That's right. Pay five bucks and you'll receive a download link to the authentic source.

Biggest. Ripoff. Ever.

You can also pay for download links to a YouTube MP3 downloader and Flappy Bird.

Flash, YouTube, Flappy Bird

Caveat emptor.


Analysis provided by — Marko