Malware cons users into paying for free product

Image credit:
Bogus Flash Player tricks users into sending SMS to premium-rate number

As computer users, we live in a Flash-centric universe: YouTube videos, mini-games online, and interactive ads are only some of the content that needs the tiny Flash plugin. And, just like any intensively-used application, Flash is frequently updated. But sometimes, these updates are not what you’d expect.

This specific “Flash Player installer”is nothing suspicious at the surface: it has the familiar colors and branding elements. Even the End-User License Agreement checkboxes are in the right place. What pops out of context, however, is an alleged registration mechanism that asks you to provide information about your country of origin and cell service provider. However, if you’re from Russia, you’ll only have to provide your cell number.

The wizard requires users –during the installation process – to send a code to a premium-rate telephone number in return for an activation key, an approach that is also the most popular con form targeting smartphones these days.

So while most people around the world are conned into paying extra charges for a free piece of software, Russian victims only face the dangers of having their phone numbers logged in to a database for further campaigns that probably use vishing (voice phishing) to inflict more financial damage.

Now, you might wonder who could fail to see the scam behind the phone validation charade. Well, If you have been used other Adobe (and not only) products, you probably know that some have an option to activate the application by phone, in case your PC is not connected to the Internet. This time, experience works against your best interest as it makes you less suspicious of this type of “authentication”.


Legit phone activation screen

An old proverb reads: “Timeo Danaos et dona ferentes”–fear Greeks, even if they bear gifts.  The same rule applies to Russian software –if it wants to dial a number, shut it off. In the case of premium-rate SMS senders, the malicious code takes the guise of legitimate applications or a pirated version of a popular legitimate one to trick the users into downloading and installing them on their systems.

And now the story in images:


Step 1 –Fake Adobe Flash Player window


Step 2 –Installing Fake Adobe Flash Player


Step 3 –Selecting the country of origin


Step 4 –Selecting the country and the telephone provider


Step 5 –Russian users only need to enter their phone number


This article is based on the technical information provided courtesy of Doina Cosovan, Bitdefender VirusAnalyst.

All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.

About the author


A blend of teacher and technical journalist with a pinch of e-threat analysis, Loredana Botezatu writes mostly about malware and spam. She believes that most errors happen between the keyboard and the chair. Loredana has been writing about the IT world and e-security for well over five years and has made a personal goal out of educating computer users about the ins and outs of the cybercrime ecosystem.