Android users have been exposed to a new malicious app posing as Adobe Flash Player. Once installed, the fake app creates a malicious “Saving battery” service and serves as an entry point for many types of dangerous malware.
ESET security detects the malicious app as Android/TrojanDownloader.Agent.JI. The app tricks victims into granting it special permissions that let it monitor their actions and download and execute additional malware of the crooks’ choice.
The fake Adobe Flash Player is distributed through compromised websites, mainly adult video sites. These sites lure users into downloading a fake Adobe Flash Player update, supposedly needed to play videos, which later asks the user to grant special permissions.
During installation of the fake Adobe Flash Player update, the trojan creates the “Saving battery” service. Once the malicious app is installed, the phone screen is filled with a pop-up claiming “too much consumption of energy” and asking the user to turn on a fake “Saving Battery” mode.
The service then requests the following permissions: Monitor your actions, Retrieve window content and Turn on Explore by Touch.
Once the service is turned on, the malware is free to download, install and execute additional malware, and to activate device administrator rights for it, all without the user’s consent.
In one case, security researchers at ESET found banking malware being downloaded and installed on the compromised phone, with no option to cancel either step. The victim is left with a lock screen covering the malicious activity. However, the fake Adobe Flash Player is capable of installing any kind of malware: adware, spyware or ransomware.
To check whether your phone is infected, look for ‘Saving Battery’ under Services in the Accessibility menu. If it is listed, your device may be infected.
To remove the malicious app, uninstall it manually from Settings -> Application Manager -> Flash-Player.
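The Accessibility check described above can also be done over adb, which helps when a lock screen covers the device. The following is an added example, not code from ESET or from the original article: it flags enabled accessibility services whose package is not on an allowlist. The setting stores component names rather than the “Saving battery” label, and the allowlist and the sample package com.example.fakeflash are constructed assumptions.

```shell
#!/bin/sh
# Added example: list enabled accessibility services from unexpected packages.
# Android stores them in the secure setting enabled_accessibility_services as a
# colon-separated list of components, e.g. "pkg.a/.SvcA:pkg.b/pkg.b.SvcB".

# Assumption: space-separated packages you expect to hold accessibility access.
ALLOWLIST="com.google.android.marvin.talkback"

# Constructed sample value; com.example.fakeflash is a made-up package name.
SAMPLE='com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:com.example.fakeflash/.SavingBatteryService'

# Print every enabled component whose package is not allowlisted, one per line.
flag_unexpected_services() {
    enabled=$1
    # The setting reads "null" or is empty when no service is enabled.
    case "$enabled" in ''|null) return 0 ;; esac
    old_ifs=$IFS
    IFS=':'
    for component in $enabled; do
        pkg=${component%%/*}            # package name is the part before "/"
        [ -n "$pkg" ] || continue       # skip empty entries such as "a::b"
        case " $ALLOWLIST " in
            *" $pkg "*) ;;              # expected service, ignore
            *) printf '%s\n' "$component" ;;
        esac
    done
    IFS=$old_ifs
}

if [ "${1:-}" = "--device" ]; then
    # Live check: needs adb and a connected device with USB debugging enabled.
    flag_unexpected_services \
        "$(adb shell settings get secure enabled_accessibility_services | tr -d '\r')"
else
    # Offline demonstration on the constructed sample.
    flag_unexpected_services "$SAMPLE"
fi
```

Any component it prints is only a candidate for review; confirm it against the Accessibility menu before uninstalling the owning app.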