A NEW SCAM is targeting Android users and tricking them into paying £15 for Adobe bloody Flash.
There's no dodgy code involved in this latest swindle, uncovered by ESET. Instead, it relies on social engineering to fool users into paying €18 (£15) for Adobe Flash Player, which was officially discontinued on Android back in 2012.
Once downloaded from Google Play, the legit-looking app - named 'F11' - displays a tutorial with instructions on how to download Flash Player. On that same page, users are directed to PayPal where they are asked to hand over cash before they can do so.
"The authors of this scam have gone a long way to make it appear as a legitimate business," said Lukáš Štefanko, the ESET malware researcher who led the investigation.
"For example, the app was listed in the educational section of the Play store. However, the shopping basket at PayPal reveals the true nature of the operation: the item in it is called Flash Player 11."
Once a user has paid, they are treated to a link to a Flash Player installation tutorial, which advises that they install the Firefox or Dolphin browser on their device, both of which support Flash content by default, and both of which are available to download for free from Google Play.
"At the end of the whole operation, victims end up being able to play Flash content on their devices," explains Štefanko.
"However, it's thanks to either browser the user chooses to install. In other words, the user did not install what they had paid for."
Google has been quick to remove the app from the Play store, but ESET notes that it has already been downloaded between 100,000 and 500,000 times. However, it's unclear how many users were tricked into handing over their cash. µ