New Android Malware Masquerading As Flash Player

ESET Ireland warns unwary users who fall for installing the malware might find their mobile devices held ransom or bank accounts emptied.

ESET researchers discovered a dangerous new app targeting Android devices, that is capable of downloading and executing additional malware. Detected by ESET security software as Android/TrojanDownloader.Agent.JI, the trojan is distributed via compromised websites and masquerades as a Flash Player update.

Following installation, the malware creates a fake ‘Saving Battery’ service in the Android system and urges the victim to grant it crucial permissions within Android’s Accessibility functions. If granted, these permissions – Monitor your actions, Retrieve window content and Turn on Explore by Touch – enable the attacker to mimic the user’s actions and display whatever they want on the user’s screen.

The key indicator of whether a device has been infected with this malware is the presence of a “Saving Battery” option amongst Services in the Accessibility menu. In such a case, the user should either employ a reputable mobile security app, such as ESET Mobile Security & Antivirus, to remove the threat or uninstall the app manually by going to Settings -> Application Manager -> Flash-Player.

ESET security experts have prepared a set of basic recommendations for preventing infection with mobile malware:

• Only download apps or updates from a trustworthy source – in the case of an Adobe Flash Player update, the only safe place to get it from is the official Adobe website. Always check the URL address in your browser.
• Pay attention to what permissions and rights your apps request.
• Use a reputable mobile security solution.

The full story, including screenshots, is available on ESET Ireland’s Official Blog.