Android users have been exposed to a new malicious app imitating Adobe Flash Player that serves as a potential entrance for many types of dangerous malware. The application, detected by ESET security software as Android/TrojanDownloader.Agent.JI, tricks its victims into granting it special permissions in the Android accessibility menu and uses these to download and execute additional malware of the attackers’ choice.
According to ESET’s analysis, the trojan targets devices running Android, including the latest versions. It is distributed via compromised websites, including social media sites. Under the pretense of safety measures, the websites lure users into downloading a fake Adobe Flash Player update. If the victim falls for the legitimate-looking update screen and runs the installation, they have more deceptive screens to look forward to.
How does it work?
The next phony screen pops up following successful installation, claiming “too much consumption of energy” and urging the user to turn on a fake “Saving Battery” mode. Like most malicious pop-ups, the message won’t stop appearing until the victim gives in and agrees to enable the service. This opens the Android Accessibility menu, showing a list of services with accessibility functions.
Among the legitimate ones, a new service (created by the malware during installation) named “Saving battery” appears. The service then requests permissions to monitor the user’s actions, retrieve window content and turn on Explore by Touch – all crucial for future malicious activity, enabling the attacker to mimic the user’s clicks and select anything displayed on the user’s screen.
Once the service is enabled, the fake Flash Player icon hides from the user. However, in the background, the malware is busy contacting its C&C server and providing it with information about the attacked device. The server responds with a URL leading to a malicious app of the cybercriminals’ choice – in the detected case, a banking malware (though it could be any malware ranging from adware through spyware, and on to ransomware). After acquiring the malicious link, the compromised device displays a bogus lock screen with no option to close it, covering the ongoing malicious activity beneath it.
This is when the permission to mimic the user’s clicks comes in handy – the malware is now free to download, install, execute and activate device administrator rights for additional malware without the user’s consent, all while remaining unseen under the fake lock screen. After the app’s secret shenanigans are done, the overlay screen disappears and the user is able to resume using their mobile device – now compromised by the downloaded malware.
Has my device been infected? How do I clean it?
If users think that they might have installed this fake Flash Player update in the past, they can easily verify by checking for ‘Saving Battery’ under Services in the Accessibility menu. If it is listed under the services, their device may very well be infected. Denying the service its permissions will only bring users back to the first pop-up screen and will not get rid of Android/TrojanDownloader.Agent.JI.
To remove the downloader, try manually uninstalling the app from Settings -> Application Manager -> Flash-Player. In some instances, the downloader also requests the user to activate Device administrator rights. If that turns out to be the case and the user can’t uninstall the app, deactivate the administrator rights by going to Settings -> Security -> Flash-Player and then proceed with uninstalling.
Even after doing so, the device might still be infected by countless malicious apps installed by the downloader. To make sure the device is clean, ESET recommends using a reputable mobile security app, such as ESET Mobile Security & Antivirus, as a hassle-free way to detect and remove threats.
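For analysts checking a device over adb rather than through the Settings menus, the Accessibility check above can be scripted. The sketch below is an added example, not ESET's tooling: it flags enabled accessibility services that belong to third-party packages not installed from a trusted store. The package names, the sample output and the trusted-installer list are constructed assumptions.

```python
import subprocess

# Assumption: installers treated as trusted stores; adjust for your fleet.
TRUSTED_INSTALLERS = {"com.android.vending"}

def parse_enabled_services(value):
    """Parse `settings get secure enabled_accessibility_services`:
    colon-separated 'package/ServiceClass' entries, or 'null' when none."""
    value = value.strip()
    if not value or value == "null":
        return []
    return [tuple(c.split("/", 1)) for c in value.split(":") if "/" in c]

def parse_third_party(pm_output):
    """Parse `pm list packages -3 -i` lines: 'package:<name>  installer=<src>'."""
    installers = {}
    for line in pm_output.splitlines():
        line = line.strip()
        if line.startswith("package:") and "installer=" in line:
            name, _, src = line[len("package:"):].partition("installer=")
            installers[name.strip()] = src.strip()
    return installers

def suspicious_services(services_value, pm_output):
    """Enabled accessibility services owned by sideloaded third-party apps."""
    installers = parse_third_party(pm_output)
    flagged = []
    for pkg, cls in parse_enabled_services(services_value):
        src = installers.get(pkg)  # None: not third-party (system app), skipped
        if src is not None and src not in TRUSTED_INSTALLERS:
            flagged.append((pkg, cls, src))
    return flagged

def adb_shell(*args):
    """Run a command on a USB-connected device, e.g.
    adb_shell('settings', 'get', 'secure', 'enabled_accessibility_services')."""
    return subprocess.run(["adb", "shell", *args], capture_output=True,
                          text=True, check=True).stdout

# Constructed sample output; these package names are made up for illustration.
SAMPLE_SERVICES = ("com.google.android.marvin.talkback/.TalkBackService:"
                   "com.example.pwmanager/.AutofillA11yService:"
                   "com.example.flashupdate/.SavingBatteryService\n")
SAMPLE_PM = ("package:com.example.pwmanager  installer=com.android.vending\n"
             "package:com.example.flashupdate  installer=null\n")

if __name__ == "__main__":
    for pkg, cls, src in suspicious_services(SAMPLE_SERVICES, SAMPLE_PM):
        print(f"review: {pkg}/{cls} (installer={src})")
```

A flagged entry is a lead for manual review, not a verdict: legitimately sideloaded accessibility tools will also appear.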
How to stay safe
To avoid dealing with the consequences of nasty mobile malware, prevention is always the key. Apart from sticking to trustworthy websites, there are a couple more things users can do to stay safe.
If downloading apps or updates in a browser, always check the URL to make sure the download comes from the intended source. In this particular case, the only safe place to get an Adobe Flash Player update is the official Adobe website.
After running anything installed on a mobile device, pay attention to what permissions and rights it requests. If an app asks for permissions that don’t seem adequate to its function, don’t enable these without double checking.
Last but not least, even if all else fails, a reputable mobile security solution will protect your device from active threats.
T4W and NetEase Games to Publish Party Game Eggy Go in Multiple Regions
The 4 Winds Entertainment (T4W) has announced a publishing partnership with NetEase Games, the online games division of NetEase, to launch the upcoming mobile party game Eggy Go (English name pending) in EMEA, Australasia, India, LATAM, and North America. Eggy Go is an imaginative super party game for mobile, supporting up to 32 players who compete per match, with strong social features that have attracted the attention of a large number of players during its closed beta stage across the globe. As NetEase’s most anticipated party mobile game this year, the Chinese launch of the game will be on May 26th, ready to start the party with an impressive number of pre-registrations.
“Since its start, The 4 Winds Entertainment has been on a mission to provide high-quality gaming entertainment from the best worldwide developers to Opportunity Markets and the rest of the globe,” stated Steven Huot, CEO of The 4 Winds Entertainment. “We found the right partner, one that shares our excitement and is more than up for the task. NetEase Games is an excellent choice, collaborating with us to create an outstanding game for iOS and Android.”
The global release timeline of Eggy Go will be announced soon, and to stay up to date on Eggy Go, please visit the Official Website https://www.eggygo.com/
PUBG MOBILE Launches Version 2.0 Update
PUBG MOBILE has officially released its new Version 2.0 Update, packed with new additions to PUBG MOBILE’s iconic maps, alongside new content from acclaimed anime EVANGELION and more. Beginning on May 11th, Livik gets an explosive overhaul with an upgraded environmental redesign in its urban areas to showcase innovative new combat strategies. A new vehicle – the agile four-seater Utility Task Vehicle – has also been added to Livik and Aftermath, allowing players to quickly move back and forth across the map’s diverse landscape.
At the beginning of the match, a golden resource-rich area will spawn in a random urban area, allowing players to grab as many supplies as they can! Not to mention a great assemblage of mini-games and items, such as Random Crates, which can be tracked down with Treasure Maps, Blomster’s in-game Soccer Challenge, and a quick means of escape with the map’s new Zipline.
Airdrops come once a match in a designated area, while Recall Towers are dotted across Livik for players to revive their lost teammates. Lying beneath it all is Livik’s volcano, which may erupt at any given moment – hide from its wrath by dodging its explosions and sheltering in buildings! All this content and more lands in Livik today.
On May 19th, a new season comes to PUBG MOBILE! A new batch of Legendary rewards is available for Cycle 2 Season 6, including themed Glasses, Parachute, Mask, and much more. The tier system has also been adjusted, as more sub-tiers have been added within the Gold, Bronze, and Silver tiers.
With the new Royale Pass Month themes – Hidden Hunters for Month 11 – players can work their way up to rank 50 to pick between two rewards. They can also track the progress of their pass missions in matches through the mini-map and, with the Favorites Crate, select their preferred reward from any past season. A free Royale Pass Voucher will become available for next month’s Royale Pass – themed Toy World – and the chance to participate in the server-wide Golden Chicken event and bonus Royale Pass Point event.
PUBG MOBILE has today announced an upcoming partnership with the acclaimed anime title EVANGELION to bring the series’ fearsome Angels to PUBG MOBILE’s iconic maps in a special event coming soon. Stay tuned for more information! Other new additions to the PUBG MOBILE shop include new Mythic outfits from the Crystal Power Squad, including the Interstellar Chimera Set, Floret Fairy Set, Sacred Eminence Set, and Styx Sovereign Set, as well as a brand new character, Emilia the Materials Scientist, who can provide players with new equipment.
Also new to PUBG MOBILE are Wingman Finishes, obtainable through the Lucky Spin from May 17th to May 24th. Wingmen can accompany players through their game, flying around Spawn Island during the match, alongside the plane during the jump phase, and there to welcome players back to the lobby afterward.
A number of other improvements have been made to PUBG MOBILE, including visual improvements, UI upgrades, and much more. Security, in particular, has doubled down, with the intuitive new Eagle System and Fog of War Anti-Cheat System included to combat cheaters further.
Three Most Dangerous Types of Android Malware
Written by Lukas Stefanko, Malware Researcher at ESET
These days, the device in your pocket can do far more than call or send text messages. Your smartphone stores almost every aspect of your life, from memories captured as photos to personal notes and schedules, log-in details, and various other kinds of sensitive data.
Android-powered devices command more than 70 percent of the mobile operating system market. Add to that the open nature of the Android ecosystem and it’s clearer why these devices bear the brunt of malicious attacks on mobile devices and remain a lucrative target for attackers.
Google has, of course, introduced a number of privacy- and security-enhancing features for Android devices. Just a few days ago, the company announced that it had stopped 1.2 million policy-violating apps from reaching Google Play last year, among other measures aimed at cracking down on malicious apps.
However, this is not to say you should let your guard down when it comes to all sorts of dangers that lurk especially in third-party app stores.
Malware comes in various forms and works in various vicious ways. Watch the video to learn more about some of the most dangerous types of malware affecting Android devices, including:
- Malicious software that can hold your device and data hostage, possibly “on behalf of the FBI”
- Malware that steals login credentials and can in some cases bypass two-factor authentication
- Android nasties that give hackers control over your entire device