By Stewart Tongue
YNOT – The battle between Android and Apple continues to rage as consumers of mobile devices choose whether to accept Apple’s closed ecosystem or go with Android’s open-source advantages. On the one hand, Apple relies on heavy-handed enforcement of developer restrictions, providing a certain level of security to-end users. On the other, Android’s “hands-off” policy regarding independent developers encourages creativity but a certain amount of use-at-your-own risk mentality.
A recent malware outbreak carried within a fake Flash player designed for Android is a perfect example of the differing pitfalls and benefits inherent in the two approaches.
For some time, consumers have been annoyed by Apple’s steadfast refusal to allow Adobe Flash media on the iPhone or iPad. Apple repeatedly has claimed the refusal was a matter of system-wide security. Apple’s closed ecosystem, Apple engineers insisted, reduces iOS devices’ exposure to malware and virus attacks.
Faced with dwindling market share due to the development of cross-platform software that will play video on all devices, including Apple’s, Adobe recently announced it would put no further effort into developing Flash. The company subsequently removed the official Adobe Flash player app from the Android-centric video marketplace, Google Play.
Scammers quickly filled the void by offering the OpFake trojan disguised as a legit Adobe Flash player designed for Android. Most of the fakes, which can result in mysterious SMS charges, were developed by Russian hackers, according to GFI Labs. However, at least one, usually offered as a file called AdobeFlashInstaller.apk, evidently was aimed at the English-speaking market by hackers whose native language is English.
A GFI Labs researcher said AdobeFlashInstaller.apk tricks users into rooting their devices and then downloading a second .apk file. When the user attempts to uninstall the app, he or she receives a success message, but instead of fleeing the scene of the crime the app retreats to the root directory, actually installing more disruptive advertising, changing the user’s homepage settings, adding pop-ups to the status bar and — most malicious of all — forwarding the user’s contact list to advertisers in the AirPush network without the user’s knowledge or consent. The trojan also opens a backdoor for future invasions.
The malware is almost impossible to remove completely.
Apple, of course, was quick to pick up on the latest Android woes and to point out a similar infestation never could have happened within its closed iOS system.
GFI’s advice? If you didn’t download and install the real Adobe Flash player for Android before Adobe pulled the app from Google Play on Aug. 15, resign yourself to being Flash-less. No player available for download now, even on websites claiming an affiliation with Adobe and bearing what appears to be Adobe’s logo, is safe.