Researchers at ESET, the largest maker of digital security software in the EU, have identified a new dangerous application for Android devices. It pretends to be Adobe Flash Player and can deliver different types of extremely dangerous malicious software. The application, detected by ESET as Android/TrojanDownloader.Agent.JI, is distributed through websites, especially those intended for adult audiences, but also through social networks, where the user is pushed to download a fake Adobe Flash Player update. If the victim is fooled by the fake update screen, which looks exactly like the legitimate one, and starts the installation, the problems begin.

After installation, another fake screen appears: an alert about excessive battery consumption that urges the user to activate a fake energy-saving mode. As with most malicious software, these messages keep appearing until the victim enables the service. This opens the Android Accessibility menu, where, among the legitimate services, a new one called "Saving battery" (created by the malware during installation) appears. This service requests permission to monitor the user's actions, retrieve window content and turn on Explore by Touch, functions that are essential for the malicious activity that follows. From that moment on, the attacker is able to simulate the user's clicks and select anything displayed on the screen.

How to uninstall fake Adobe Flash Player

In the case studied by ESET, the malware is banking malware, although the fake application could deliver any type of malware, adware or spyware, and even ransomware. At this point, the malware is able to download, install, run and activate other malicious programs with administrator rights on the device, without the user's consent, all hidden behind the fake lock screen.

After the application gets what it wanted, the lock screen disappears and the user can use the mobile device again, but it is now compromised by the downloaded malware. To check whether a fake Adobe Flash Player app is installed on your device, look for "Saving battery" in the list of services in the Accessibility menu. If it is among the services, the device is infected.
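The Accessibility check above can also be run over adb, which is useful when triaging several devices. The script below is an added example, not ESET's tooling: because the "Saving battery" label does not appear in the adb output, it goes one step further and flags any enabled accessibility service whose package is third-party and was not installed by Google Play. The function name, the trusted-installer assumption and the sample package names are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag enabled accessibility services that belong to
# third-party packages not installed by Google Play.
# Inputs are the text output of two adb commands:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -3 -i

TRUSTED_INSTALLER="com.android.vending"   # assumption: Play-installed apps are trusted

# suspicious_a11y SERVICES PACKAGES
#   SERVICES: colon-separated "package/service" component names
#   PACKAGES: lines such as "package:com.foo  installer=com.android.vending"
suspicious_a11y() {
    printf '%s\n' "$1" | tr -d '\r' | tr ':' '\n' | while IFS= read -r comp; do
        # An empty value or the literal "null" means no service is enabled.
        if [ -z "$comp" ] || [ "$comp" = "null" ]; then continue; fi
        pkg=${comp%%/*}
        installer=$(printf '%s\n' "$2" | tr -d '\r' |
            awk -v p="package:$pkg" '$1 == p { sub(/^installer=/, "", $2); print $2 }')
        # Not in the third-party list: preinstalled system service, skip it.
        if [ -z "$installer" ]; then continue; fi
        if [ "$installer" != "$TRUSTED_INSTALLER" ]; then
            printf '%s installer=%s\n' "$comp" "$installer"
        fi
    done
}

# Constructed sample data (package names are made up for illustration).
SAMPLE_SERVICES='com.google.android.marvin.talkback/.TalkBackService:com.example.reader/.ReadAloud:com.example.fakeflash/.BatterySaver'
SAMPLE_PACKAGES='package:com.example.reader  installer=com.android.vending
package:com.example.fakeflash  installer=null'

suspicious_a11y "$SAMPLE_SERVICES" "$SAMPLE_PACKAGES"

# On a real device:
# suspicious_a11y "$(adb shell settings get secure enabled_accessibility_services)" \
#                 "$(adb shell pm list packages -3 -i)"
```

A flagged entry is a lead to review in the Accessibility menu, not proof of infection: legitimately sideloaded accessibility tools are reported too.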

To remove the downloaded program, try to uninstall the application as follows: go to Settings > Applications > Flash Player. In some situations, the downloaded program also prompts the user to enable administrator rights on the device. If they are activated and the application cannot be uninstalled, you must first disable the administrator rights under Settings > Security > Flash Player and then proceed with the uninstallation.