- Personal Research:
- The fake Android game of Rockstar's Need For Speed is used as a the first part of a Trojan designed to send premium rate SMS messages.
- After install it asks the user to download a required Flash Player update to finish installing the game.
- This Fake flash player update is the part of the malware doing the work. It will send a premium rate SMS that charged to the users phone bill then install a valid copy of Adobe Flash Player.
- No valid version of NFS is ever installed.
- Please note that this scam is in Russian and must be side-loaded onto the phone.
MD5:
- com.rockastar.nfss_1.apk :
- 52FADDBF80D97B93209BC0929B666049
- Flash_Player_install.apk:
- 8C806A367D97532CA438F40C26AF14D2
VIRUS TOTAL:
- com.rockastar.nfss_1.apk:
- Flash_Player_install.apk:
CAPTURED SAMPLES:
- WARNING: These are direct non pass-worded links to the APKS and are harmful if loaded on the phone. DOWNLOAD WITH CAUTION.
- com.rockastar.nfss_1.apk:
- hxxps://www.dropbox[dot]com/s/ydw3rpgfysycmft/com.rockastar.nfss_1.apk
- Flash_Player_install.apk:
- hxxp://mobi-go[dot]in/load.php?d=gp&f=1223&s=6343&PHPSESSID=419b55b5dgcptskmm9si752l24
MY OPINION:
- This is very similar to other Android scams in the past that use a payload. The lack of permissions on the first part is meant to trick the user into thinking it is safe. A user having already gone through the first install is more likely to continue on even though more alerting permissions are needed. Some researches labeled this as a hoax because it is thought that the 2nd part is not related. They believe that someone found the Fake Flash Player download and created the first part that calls it just to be malicious.
MORE RESEARCH:
- Research to Similar Scams in the past that I think this is related to.
