As computer users, we live in a Flash-centric universe: YouTube videos, mini-games online, and interactive ads are only some of the content that needs the tiny Flash plugin. And, just like any intensively-used application, Flash is frequently updated. But sometimes, these updates are not what you’d expect.
This specific “Flash Player installer” shows nothing suspicious on the surface: it has the familiar colors and branding elements. Even the End-User License Agreement checkboxes are in the right place. What looks out of place, however, is an alleged registration mechanism that asks you to provide information about your country of origin and cell service provider. If you’re from Russia, though, you’ll only have to provide your cell number.
During the installation process, the wizard requires users to send a code to a premium-rate telephone number in return for an activation key, an approach that is also the most popular form of con targeting smartphones these days.
So while most people around the world are conned into paying extra charges for a free piece of software, Russian victims only face the danger of having their phone numbers logged in a database for further campaigns that probably use vishing (voice phishing) to inflict more financial damage.
Now, you might wonder who could fail to see the scam behind the phone validation charade. Well, if you have used other products from Adobe (and not only Adobe), you probably know that some have an option to activate the application by phone, in case your PC is not connected to the Internet. This time, experience works against your best interest, as it makes you less suspicious of this type of “authentication”.
Legit phone activation screen
An old proverb reads: “Timeo Danaos et dona ferentes” – fear Greeks, even if they bear gifts. The same rule applies to Russian software – if it wants to dial a number, shut it off. In the case of premium-rate SMS senders, the malicious code takes the guise of a legitimate application, or of a pirated version of a popular legitimate one, to trick users into downloading and installing it on their systems.
And now the story in images:
Step 1 – Fake Adobe Flash Player window
Step 2 – Installing Fake Adobe Flash Player
Step 3 – Selecting the country of origin
Step 4 – Selecting the country and the telephone provider
Step 5 – Russian users only need to enter their phone number
This article is based on the technical information provided courtesy of Doina Cosovan, Bitdefender Virus Analyst.