Banking on the likelihood that not many users have hears about that decision and are searching for Flash Player on official and unofficial online Android markets, Russian scammers have decided to set up a number of websites offering the bogus app.
"As of this writing, we’ve seen eight sites using Adobe’s logos and icons—all are linking to the same variant of OpFake Trojan disguised as the legit Flash Player for Android. All the Russian sites used different file names for their .APK files but they’re the same malicious variant," say GFI researchers.
They even found one site in English offering Flash Player for Android, but the .apk file in question is bundled with adware that attempts to download other adware, and in the end offer instructions on how to get the fake Flash Player.
Unfortunately, those instructions actually make the unsuspecting users root their own devices, and then download a hacked version of the actual Flash Player app.
"While it is not malicious in itself, Adobe does not support it—worse, it could cause some problems to the device. With a rooted device, future updates of this hacked app may grant or install new permissions users are not aware of," the researchers point out.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.