ESET Ireland warns unwary users who fall for installing the malware might find their mobile devices held ransom or bank accounts emptied.
ESET researchers discovered a dangerous new app targeting Android devices, that is capable of downloading and executing additional malware. Detected by ESET security software as Android/TrojanDownloader.Agent.JI, the trojan is distributed via compromised websites and masquerades as a Flash Player update.
Following installation, the malware creates a fake ‘Saving Battery’ service in the Android system and urges the victim to grant it crucial permissions within Android’s Accessibility functions. If granted, these permissions – Monitor your actions, Retrieve window content and Turn on Explore by Touch – enable the attacker to mimic the user’s actions and display whatever they want on the user’s screen.
The key indicator of whether a device has been infected with this malware is the presence of a “Saving Battery” option amongst Services in the Accessibility menu. In such a case, the user should either employ a reputable mobile security app, such as ESET Mobile Security & Antivirus, to remove the threat or uninstall the app manually by going to Settings -> Application Manager -> Flash-Player.
ESET security experts have prepared a set of basic recommendations for preventing infection with mobile malware:
- Only download apps or updates from a trustworthy source – in the case of an Adobe Flash Player update, the only safe place to get it from is the official Adobe website. Always check the URL address in your browser.
- Pay attention to what permissions and rights your apps request.
- Use a reputable mobile security solution.
The full story, including screenshots, is available on ESET Ireland’s Official Blog.