1. /
  2. Security Response/
  3. Android.Fakeflash

Android.Fakeflash

Risk Level 1: Very Low

Discovered:
30 June 2012
Updated:
3 July 2012 11:46:51 PM
Type:
Trojan
Infection Length:
110,000 Bytes
Systems Affected:
Android
Android.Fakeflash is a Trojan horse for Android devices that installs a fake Flash application in order to direct users to a website.

Android package file
The Trojan may arrive as a package with the following name:

APK: com.dreamstep.wFlashPlayer[VERSION]
Name: Flash Player [VERSION]

Note: [VERSION] is variable and subject to change. Examples using this variable include the following:

For APK:
com.dreamstep.wFlashPlayer105
com.dreamstep.wFlashPlayer105New
com.dreamstep.wFlashPlayer12Beta

For Name:
Flash Player 10.5
Flash Player 10.5 New
Flash Player 12 Beta


Installation
Once installed, the application may display one of the following icons:







Antivirus Protection Dates

  • Initial Rapid Release version 30 June 2012 revision 002
  • Latest Rapid Release version 19 February 2013 revision 016
  • Initial Daily Certified version 1 July 2012 revision 008
  • Latest Daily Certified version 3 July 2012 revision 024
  • Initial Weekly Certified release date 4 July 2012
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment

Wild

  • Wild Level: Low
  • Number of Infections: 0 - 49
  • Number of Sites: 0 - 2
  • Geographical Distribution: Low
  • Threat Containment: Easy
  • Removal: Easy

Damage

  • Damage Level: Medium
  • Payload: Directs users to a website.

Distribution

  • Distribution Level: Low
Writeup By: Beannie Cai
ISTR V16