The problem with today’s mobile devices is that there is a constant library of malware itching to infect your system. Hackers, at least the really good black hats, are able to get unsuspecting users to click on malicious links. The links have really improved in terms of their authenticity of visual representation, and unless you study key elements like file names or URLs, it can fool anyone.
Such is the case with a new malware that is attacking Android users. As reported by welivesecurity, the malware Android/TrojanDownloader.Agent.JI utilizes a fake Adobe Flash download notice as shown in the below image:
The image is actually quite similar to the untrained eye to the real Flash download page. Notice the address bar, however, and you will see the biggest indicator that this link is fake. A real Flash download page will contain the URL “https://get.adobe.com/flashplayer/” or something quite similar. The company name will be shown alone and the URL will be a “.com” ending instead of “.info”.
Nevertheless, if you fall for the fake you then have set in motion a series of further avenues of infection. Following the initial download, a message using the Android mascot (that cute alien dude) will state you are engaging in “too much consumption of energy.” The relentless popup message will not cease until you enable the fake “Saving Battery” mode as seen below:
Once this is done, bluntly, you are royally screwed. The malware begins to communicate with a server that gives the hacker information on the infected device. After a few more bogus, uncontrollable, installations, the attacker is able to leverage root access and gain total control of your Android device.
According to the report, this malware is most prevalent on (surprise, surprise) pornographic sites. It is also, however, found on social media through the various spam that can exist in this particular medium. Obviously, the first and most effective strategy to stopping this malware is not downloading it (aka not falling for bogus links). This is not always an option, and take heart, there are ways to handle this should you become infected.
Once infected you can try to slow down the progress of the malware by revoking the previous permissions you gave to this threat. You can also attempt to manually uninstall the downloader by going to Settings -> Application Manager -> Flash-Player. This is only part of the process, however, as Android/TrojanDownloader.Agent.JI functions by installing numerous other forms of malware on your device.
The only true way to remove the infection is utilizing a reputable security application for mobile devices. I personally use Kaspersky’s Internet Security for Android, but feel free to seek out other products.
No matter what, let this be a lesson to all that seemingly legitimate links that ask for downloads should be treated with extreme hostility.
Photo credit: Flickr / Rob Bulmahn
3 thoughts on “Android malware cloaks itself as fake Adobe Flash download”
Will this download if the device is set to only download from the Playstore?
I wouldn’t bet on that being a total deterrent. Since it is a virus you may still be able to override those controls and accidentally install the malware. Since it isn’t an actual app, there is probably a work-around in the code. Just my two cents. Hackers anticipate things like that.
Damn i wish i saw this sooner, i got infected, i couldnt open anything that had to do with virus scanners or deleting it as it would just kick me out instantly, even in settings when i go to disable it, i was fast enough to click on it, disable it and click ok to confirm as it always kicked me out basically instantly, it worked so i deleted it and then ran a virus scanner. No other viruses were found though and i also had to repair some files