New Android Malware Masquerading As Flash Player

3161 0

ESET Ireland warns unwary users who fall for installing the malware might find their mobile devices held ransom or bank accounts emptied.

ESET researchers discovered a dangerous new app targeting Android devices, that is capable of downloading and executing additional malware. Detected by ESET security software as Android/TrojanDownloader.Agent.JI, the trojan is distributed via compromised websites and masquerades as a Flash Player update.

Following installation, the malware creates a fake ‘Saving Battery’ service in the Android system and urges the victim to grant it crucial permissions within Android’s Accessibility functions. If granted, these permissions – Monitor your actions, Retrieve window content and Turn on Explore by Touch – enable the attacker to mimic the user’s actions and display whatever they want on the user’s screen.

The key indicator of whether a device has been infected with this malware is the presence of a “Saving Battery” option amongst Services in the Accessibility menu. In such a case, the user should either employ a reputable mobile security app, such as ESET Mobile Security & Antivirus, to remove the threat or uninstall the app manually by going to Settings -> Application Manager -> Flash-Player.

ESET security experts have prepared a set of basic recommendations for preventing infection with mobile malware:

  • Only download apps or updates from a trustworthy source – in the case of an Adobe Flash Player update, the only safe place to get it from is the official Adobe website. Always check the URL address in your browser.
  • Pay attention to what permissions and rights your apps request.
  • Use a reputable mobile security solution.

The full story, including screenshots, is available on ESET Ireland’s Official Blog.


In this article