[Warning] Detected malicious file on Android disguised as a Flash Player file

1. Introduction

A malicious application masquerading as a Flash Player-related application for Android has been found, so users are urged to take precautions.
The app disguises itself as Flash Player with a similar icon and performs various malicious behaviors in the background without displaying a screen.
Once a device is infected, smartphone information and SMS messages may be leaked.
Users should therefore be careful when downloading and installing applications.

2. Spreading path and symptoms of infection

This malicious application may be spread through black markets and third-party markets; it can also be downloaded and installed by accessing a malicious URL or opening a file attached to an e-mail.

* Features that can be checked when installing the malicious application

On installation, this malicious application shows the permission request screen, as in the following image.

The following image shows part of the permission declaration.
See "Permission explanation" for details.

* Permission explanation

- android:name="android.permission.INTERNET" -> Permission for using internet
- android:name="android.permission.SEND_SMS" -> Permission for sending SMS
- android:name="android.permission.RECEIVE_SMS" -> Permission for receiving SMS
- android:name="android.permission.WRITE_SMS" -> Permission for writing SMS
- android:name="android.permission.READ_SMS" -> Permission for reading SMS
- android:name="android.permission.READ_PHONE_STATE" -> Permission for getting cellular phone information
- android:name="android.permission.WRITE_EXTERNAL_STORAGE" -> Permission for saving information to SD card
- android:name="android.permission.MODIFY_AUDIO_SETTINGS" -> Permission for audio settings

There are other malicious applications that show the same symptoms but do not masquerade as Flash Player, as in the following image.

These malicious applications also appear under the disguised icons shown below, and they have no execution screen.

After being installed, the malicious application runs as a service and carries out various malicious behaviors after a certain period of time.
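A triage sketch for the permission pattern and missing execution screen described above; this is an added example, not INCA Internet's detection logic. It assumes the manifest has already been decoded to text XML (for example with apktool); the sample manifest, package name and finding labels are constructed.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."
# The eight permissions listed in the advisory above.
ADVISORY_PERMS = {P + n for n in (
    "INTERNET", "SEND_SMS", "RECEIVE_SMS", "WRITE_SMS", "READ_SMS",
    "READ_PHONE_STATE", "WRITE_EXTERNAL_STORAGE", "MODIFY_AUDIO_SETTINGS")}
SMS_PERMS = {p for p in ADVISORY_PERMS if p.endswith("_SMS")}

# Constructed sample, not taken from the real files: the advisory's
# permissions, one service, and no launcher activity.
SAMPLE_MANIFEST = (
    '<manifest xmlns:android="http://schemas.android.com/apk/res/android"\n'
    '          package="com.example.constructed.flash">\n'
    + "".join('  <uses-permission android:name="%s"/>\n' % p
              for p in sorted(ADVISORY_PERMS))
    + '  <application android:label="Flash Player">\n'
      '    <service android:name=".UpdateService"/>\n'
      '  </application>\n'
      '</manifest>\n')


def triage(manifest_xml):
    """Flag the advisory's pattern in a decoded (text) AndroidManifest.xml."""
    # Manifests from unknown APKs are untrusted input; a hardened parser
    # such as defusedxml is preferable outside of a sandbox.
    root = ET.fromstring(manifest_xml)
    perms = {e.get(NS + "name") for e in root.iter("uses-permission")}
    has_launcher = any(
        c.get(NS + "name") == "android.intent.category.LAUNCHER"
        for tag in ("activity", "activity-alias")
        for a in root.iter(tag) for c in a.iter("category"))
    has_service = next(root.iter("service"), None) is not None
    findings = []
    if P + "INTERNET" in perms and perms & SMS_PERMS:
        findings.append("sms-plus-network")          # SMS can leave the device
    if {P + "INTERNET", P + "READ_PHONE_STATE"} <= perms:
        findings.append("device-id-plus-network")    # IMEI can leave the device
    if has_service and not has_launcher:
        findings.append("service-without-launcher")  # no execution screen
    return {"findings": findings,
            "advisory_overlap": len(perms & ADVISORY_PERMS)}


if __name__ == "__main__":
    print(triage(SAMPLE_MANIFEST))
```

Each finding is a heuristic for manual review: legitimate messaging apps also combine SMS and network permissions, so the missing launcher entry is the stronger signal here.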

* List of malicious applications being spread

- FlashCom
- FlashP29
- Flashpom
- MMS29

* Detailed analysis of symptoms

The following figure shows how smartphone information such as the IMEI is stolen and used.

Collecting the IMEI, the most common function of such applications, may enable the creation of a cloned phone. The malicious application can also acquire information such as the list of installed applications with the following code.

The code above obtains the application list. It collects information on all installed applications, saves it to the SD card, and sends it to an external site after a certain period of time.

In addition, analysis showed that the malicious application tries to leak SMS messages and caller numbers to an external site.

The following figure is a screen capture of the packet that leaks the installed application list to the external site.

* Captured screen of the external leakage packet for the installed application list

- The full application list of the infected smartphone can be leaked externally.

* Captured screen of cellular phone information such as IMEI and Android platform version

- The red box contains the leaked phone information; the blue box contains the IMEI.

In addition, the malicious application checks its product name and version and tries to update itself if it is not the latest version.

3. How to prevent

Recently, malicious applications have been spreading in many variant forms, using packing techniques, masquerading as normal programs, and so on. Compared to previous years, the number of malicious applications has increased significantly. As with most malicious applications, it is very difficult for an ordinary user to notice the infection or its symptoms; we therefore recommend that general users follow the "Smartphone security management tips" below.

Smartphone security management tips

1. Use anti-virus software from a trustworthy security company, keep its engine updated to the latest version, and use its real-time detection function.
2. Always download applications that have been proven by multiple users.
3. Use mobile anti-virus software to check a downloaded application before using it.
4. Do not visit suspicious or unknown sites on a smartphone.
5. Try not to open MMS, text messages or e-mail from unknown senders.
6. Always set a strong password on the smartphone.
7. Turn on wireless interfaces such as Bluetooth only when they are being used.
8. Do not save important information on the phone.
9. Do not attempt illegal customization such as rooting or jailbreaking.

INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis and treatment for mobile malware such as the malicious files described above with nProtect Mobile for Android, and operates a response system against various security threats.

* Diagnosis names added to the nProtect Mobile for Android product family for this malicious application

- Trojan-Spy/Android.CrWind.A
- Trojan-Spy/Android.CrWind.B
- Trojan-Spy/Android.CrWind.C
- Trojan-Spy/Android.CrWind.D

