1. /
  2. Security Response/
  3. Android.Fakeflash


Risk Level 1: Very Low

June 30, 2012
July 3, 2012 11:46:51 PM
Infection Length:
110,000 Bytes
Systems Affected:
Android.Fakeflash is a Trojan horse for Android devices that installs a fake Flash application in order to direct users to a website.

Android package file
The Trojan may arrive as a package with the following name:

APK: com.dreamstep.wFlashPlayer[VERSION]
Name: Flash Player [VERSION]

Note: [VERSION] is variable and subject to change. Examples using this variable include the following:

For APK:

For Name:
Flash Player 10.5
Flash Player 10.5 New
Flash Player 12 Beta

Once installed, the application may display one of the following icons:

Antivirus Protection Dates

  • Initial Rapid Release version June 30, 2012 revision 002
  • Latest Rapid Release version February 19, 2013 revision 016
  • Initial Daily Certified version July 1, 2012 revision 008
  • Latest Daily Certified version July 3, 2012 revision 024
  • Initial Weekly Certified release date July 4, 2012
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment


  • Wild Level: Low
  • Number of Infections: 0 - 49
  • Number of Sites: 0 - 2
  • Geographical Distribution: Low
  • Threat Containment: Easy
  • Removal: Easy


  • Damage Level: Medium
  • Payload: Directs users to a website.


  • Distribution Level: Low
Note: On May 14, 2015, modifications will be made to the threat write-ups to streamline the content. The Threat Assessment section will no longer be published as this section is no longer relevant to today's threat landscape. The Risk Level will continue to be the main threat risk assessment indicator.
Writeup By: Beannie Cai

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report