[Warning] Detected malicious file on Android disguised as a Flash Player file

1. Introduction

A malicious application masquerading as a Flash Player-related application for Android has been found, so users are urged to take precautions.
The app uses the Flash Player name and a similar icon, and performs various malicious behaviors in the background without showing any screen.
Once a device is infected, smartphone information and SMS messages may be leaked.
Users therefore need to be careful when downloading and installing applications.

2. Spreading path and symptoms of infection

This malicious application may be spread through black markets and third-party markets; it can also be downloaded and installed by accessing a malicious URL or opening a file attached to an e-mail.

* Features that can be checked when installing the malicious application

On installation, this malicious application shows the permission request screen, as in the following image.

The following image shows part of the permission declarations.
See "Permission explanation" for details.

* Permission explanation

- android:name="android.permission.INTERNET" -> Permission for using the Internet
- android:name="android.permission.SEND_SMS" -> Permission for sending SMS
- android:name="android.permission.RECEIVE_SMS" -> Permission for receiving SMS
- android:name="android.permission.WRITE_SMS" -> Permission for writing SMS
- android:name="android.permission.READ_SMS" -> Permission for reading SMS
- android:name="android.permission.READ_PHONE_STATE" -> Permission for getting cellular phone information
- android:name="android.permission.WRITE_EXTERNAL_STORAGE" -> Permission for saving information to the SD card
- android:name="android.permission.MODIFY_AUDIO_SETTINGS" -> Permission for audio settings

Other malicious applications show the same symptoms but do not masquerade as Flash Player, as in the following image.

These malicious applications also appear under a masqueraded icon, as shown below, and they have no execution screen.

After installation, the malicious application runs as a service and carries out various malicious behaviors after a certain period of time.
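The traits described above (SMS and phone-state permissions combined with Internet access, a background service, and no execution screen) can be checked from an app's manifest before it is installed. The following is an added example, not code from this advisory or from nProtect: it assumes the manifest has already been decoded to text XML (for example with apktool), and the package and service names in the sample are constructed.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
P = "android.permission."
SMS_PERMS = {P + n for n in ("SEND_SMS", "RECEIVE_SMS", "WRITE_SMS", "READ_SMS")}

# Constructed sample: package and service names are made up; the permissions
# are the eight listed in this advisory.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlookalike">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.WRITE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.MODIFY_AUDIO_SETTINGS"/>
  <application android:label="Flash Player">
    <service android:name=".BackgroundService"/>
  </application>
</manifest>"""


def triage_manifest(manifest_xml):
    """Return findings for a decoded (text) AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    perms = {e.get(A + "name") for e in root.iter("uses-permission")}
    online = P + "INTERNET" in perms
    findings = []
    if online and perms & SMS_PERMS:
        findings.append("sms+network: " + ", ".join(sorted(perms & SMS_PERMS)))
    if online and P + "READ_PHONE_STATE" in perms:
        findings.append("device-id+network: READ_PHONE_STATE with INTERNET")
    # A launcher entry is an <activity> (or alias) with category LAUNCHER.
    launcher = any(
        cat.get(A + "name") == "android.intent.category.LAUNCHER"
        for tag in ("activity", "activity-alias")
        for act in root.iter(tag)
        for cat in act.iter("category")
    )
    if next(root.iter("service"), None) is not None and not launcher:
        findings.append("no-ui: service declared but no launcher activity")
    return findings


if __name__ == "__main__":
    for finding in triage_manifest(SAMPLE_MANIFEST):
        print(finding)
```

Each finding is a reason to review the app further, not a verdict: legitimate messaging apps also request SMS and network permissions.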

* List of malicious applications being spread

- FlashCom
- FlashP29
- Flashpom
- MMS29

* Detailed analysis of symptoms

The following figure shows how smartphone information such as the IMEI is stolen and used.

Collected IMEI information may be used to generate a cloned phone, which is the most common function of such applications. This malicious application can also acquire information such as the list of installed applications with the following code.

The code above obtains the application list. It collects information on all installed applications, saves it to the SD card, and sends it to an external site after a certain period of time.

In addition, analysis showed that the malicious application tries to leak SMS messages and caller numbers to an external site.

The following figure is a captured screen of the packet that leaks the installed application list externally.

* Captured screen of the packet leaking the installed application list

- The entire application list of the infected smartphone can be leaked externally.

* Captured screen of cellular phone information such as the IMEI and Android platform version

- The red box contains the leaked phone information; the blue box contains the IMEI information.

In addition, the malicious application checks its product name and version and tries to update itself if it is not the latest version.

3. How to prevent

Recently, malicious applications have been spreading in many variant forms, using packaging techniques, masquerading as normal programs, and so on. Compared to previous years, the number of malicious applications has increased significantly. As with most malicious applications, it is very difficult for a normal user to notice the infection or its symptoms; therefore we recommend that general users follow the "Smartphone security management tips" below.

Smartphone security management tips

1. Use anti-virus software from a trustworthy security company, keep its engine updated to the latest version, and use its real-time detection function.
2. Always download applications that have been proven by multiple users.
3. Use mobile anti-virus software to check a downloaded application before using it.
4. Do not visit suspicious or unknown sites via smartphone.
5. Try not to open MMS, text messages, or e-mail from unknown senders.
6. Always set a strong password on the smartphone.
7. Turn on wireless interfaces such as Bluetooth only when they are being used.
8. Do not save important information on the phone.
9. Do not attempt illegal customization such as rooting or jailbreaking.

INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis and treatment of malicious files such as the one described above with nProtect Mobile for Android, and operates a response system against various security threats.

* Diagnosis names added to the nProtect Mobile for Android product family for these malicious applications

- Trojan-Spy/Android.CrWind.A
- Trojan-Spy/Android.CrWind.B
- Trojan-Spy/Android.CrWind.C
- Trojan-Spy/Android.CrWind.D

