CrAKeN
Posted April 5, 2017

The scam app

A malicious Adobe Flash Player scam app was found in the Google Play Store by security researchers and promptly removed by Google. Unfortunately, the app had been in the store since November 2016, managing to get somewhere between 100,000 and 500,000 downloads.

Dubbed F11, this app wasn't your typical downloader, ransomware or damage-doing tool since it did not contain any harmful code. It was, however, a social-engineering-based scam, tricking people into paying $19 for Adobe Flash Player. Flash Player for Android has always been available for free and was actually discontinued back in 2012 due to its many security vulnerabilities.

"Factually, this is a scam. Legally, the crooks behind this operation tried to avoid the scam label. However, because of how they implemented their trick, it's safe to call it a scam," says Lukáš Štefanko, ESET malware researcher who led the investigation.

How does it work

Once someone downloaded the app, the app displayed a tutorial detailing how to download Flash Player, complete with a link. On that page, the user is directed to PayPal to pay $19 to buy Flash Player.

"The authors of this scam have gone a long way to make it appear as a legitimate business. For example, the app was listed in the educational section of the Play store. However, the shopping basket at PayPal reveals the true nature of the operation: the item in it is called Flash Player 11," Štefanko comments.

ESET notes that this is the place where the operation makes the turn from expensive and unnecessary advice to pure scam because they claim to be selling something they have no right to. Obviously, only Adobe has the right to sell Flash Player, and not even they asked money for it.

Once the payment is made, the scam seeks to provide something in exchange for the money, so a new page is displayed. There's a link to a Flash Player installation tutorial and extra tips that push users to allow app installations from third-party app stores, to install Firefox or Dolphin browsers on their devices and so on.

At the end of it all, people will be able to play Flash content on their devices, but that's no thanks to any tip they got from these folks, but rather to the browser they chose to install.

So, as a general rule, try to avoid installing suspicious apps. This one may not have had any malicious code, but others could have and could take control of your phone before you even realize that happens.

luisam
Posted April 6, 2017

In the first place, how did they make users believe they NEED Flash Player for Android? What might be the use of a Flash Player on Android? You don't even need it on computers, except maybe for some specific webpages! And how did they make people believe they had to pay 19 USD for a piece of software that is free? Looks like too many "dumb people" have those smartphones with money to spend. By the way, controls on Google Play are really nonfunctional, to have a notorious scam running since November without it being detected! About 5 months!

Holmes
Posted April 6, 2017

It says in the article it's not a malicious app. It doesn't contain any harmful code; it just tricks users into buying something from someone that's not Adobe. Some people fall for it, some don't. It's not malicious. The only malicious part of this app is the intentions of the people behind it trying to scam people.

This topic is now archived and is closed to further replies.