Security researchers have recently discovered a new Android Trojan that can harvest a victim’s contact list, send and intercept SMS (text) messages, make phone calls (including calls to premium numbers), and install additional malware packages – all at the same time.
Needless to say, Android users must be on the alert and make sure they install an antivirus for Android to protect them from such threat. However, it’s important that we draw attention to what triggers the infection and makes the Trojan easily spread among unsuspecting Android users: phishing emails that trick them into downloading a fake Adobe Flash Player update. When users click on the link that supposedly installs an Adobe Flash Player update, they end up downloading the evil Android Trojan.
Which prompts us to warn you:
Watch out for fake Adobe Flash Player updates!
Fake Adobe Flash Player update pop-ups are some of the oldest tricks in the book. And internet users still fall for them. In reality, Adobe Flash Player is a legitimate functionality used for video applications, games (many of the Facebook games are using Flash Player), web players (such as Youtube), banners/advertisements and even entire websites. Thus, it is important to have Adobe Flash Player updated at all times. However, cybercrooks often leverage its importance and popularity and create malware disguised as Adobe Flash Player updates.
How do they work?
Unsuspecting users see a notice on a webpage or a pop-up window telling them that, in order for them to continue with what they’re doing, they need to update their Adobe Flash Player. When users click on it, a download immediately starts – sometimes users unsuspectingly start the download themselves or the fake update silently installs itself within the browser.
What are they capable of doing?
Unfortunately, malware is ever-evolving. It changes both in structure and behaviour, so there are many things it could do to a machine it lands on. They are known to steal passwords and take over e-mail accounts (login details and contacts), install other malware, such as the Police Trojan (ransomware) or other infections.
What can you do, if you fall for the fake Adobe Flash Player update trick?
- If you are not sure that the update you’ve installed is genuine, you should immediately start a full antivirus scan of your device.
- You should also disable any toolbars or browser add-ons that you did not install yourself. Here is a guide to help you: how to remove browser toolbars.
- In order to avoid falling victim, always be careful what you click on! Do not open email attachments or links from unknown senders. If you want to update Adobe Flash Player, it should only be done via the Adobe site, or via their update downloader which is installed on your device when you first install Adobe.
Use BullGuard to protect you from sneaky malware and other online threats. Choose the security suite that best suits your needs here: BullGuard security products.
Posted by Andreea Luciana Ostache