Adobe Flash Player is practically extinct, but that hasn’t stopped some attackers from creating a fake Flash Player app for Android and stuffing it with the dangerous FluBot malware. FluBot is a Trojan designed to steal the victim’s banking credentials by sending them to login forms for various lenders around the world, however, the malware also sneaks up on fake security updates, voice memos, and parcel delivery notices.
A fake Flash Player app contains the Flubot malware
FluBot appears to be able to steal online banking credentials, send and intercept SMS messages, and even take screenshots. Unfortunately this malware has evolved and in its latest version it has become even more effective. If nothing else, this fake Flash Player for Android is not available through the Google Play Store , but appears to be delivered in the form of an SMS message.
Victims receive an SMS containing a link that takes them to a page to download a fake Flash Player app APK that installs FluBot malware on their device. For this reason, particular attention must always be paid to sources when downloading third-party APKs before installing them on devices, following only official channels.
It is also advisable not to open suspicious links, in particular those contained in SMS and e-mail messages that ask for access credentials and above all not to download anything from these links.