The researchers from the SANS Technology Institute discovered this new campaign, and they explain that the fake Flash Player update is presumably being served via malicious advertising.
At first, users are pestered with a popup that alerts them to update their current Flash version.
If users follow the advice in the pop-up, they are tricked into installing malware that bypasses OS X’s Gatekeeper feature with a valid developer certificate.
The fake Flash Player update package is signed with a valid Apple certificate
Surprisingly, this file doesn’t trigger any warnings from Mac’s Gatekeeper because it was signed with a valid Apple developer certificate issued to someone named Maksim Noskov. Gatekeeper checks only that the signature is valid and the certificate is trusted by Apple, not who the developer is, so the malicious package runs without raising a single alarm.
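Because Gatekeeper accepts any package carrying a valid Developer ID signature, a defender who wants to catch a case like this has to compare the signing identity itself against the vendor they expect. The following script is an added example, not part of the original article: it parses the output of Apple’s `pkgutil --check-signature` and pins the signer name. The sample output is constructed to mirror the case described above (the team ID and the expected vendor string are placeholders, not real values).

```shell
#!/bin/sh
# Print the leaf "Developer ID Installer" identity ("Name (TEAMID)") from
# `pkgutil --check-signature` output read on stdin; prints nothing if absent.
signer_of() {
    sed -n 's/^[[:space:]]*1\. Developer ID Installer: //p' | head -n 1
}

# Return 0 only when the package is signed by the expected developer name.
# $1 = expected developer name (as it appears in the certificate), stdin = pkgutil output.
# A valid-but-unexpected signer (the Gatekeeper-passing case) returns 1.
signed_by() {
    expected="$1"
    signer=$(signer_of)
    [ -n "$signer" ] || return 1
    case "$signer" in
        "$expected ("*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample modelled on pkgutil's output format: a trusted signature,
# but from an individual developer rather than the vendor the user expects.
# TEAMID0000 is a placeholder, not the real team identifier.
SAMPLE_FAKE='Package "Install Flash Player.pkg":
   Status: signed by a certificate trusted by macOS
   Certificate Chain:
    1. Developer ID Installer: Maksim Noskov (TEAMID0000)
       Expires: 2020-01-01 00:00:00 +0000
    2. Developer ID Certification Authority
    3. Apple Root CA'

# Constructed sample of an unsigned package (no certificate chain at all).
SAMPLE_UNSIGNED='Package "Install Flash Player.pkg":
   Status: no signature'

# Live use on a Mac (expected vendor name is an illustration; take it from a
# known-good installer): sh check_signer.sh /path/to/Install.pkg "Vendor Name"
if [ "$#" -eq 2 ] && command -v pkgutil >/dev/null 2>&1; then
    if pkgutil --check-signature "$1" | signed_by "$2"; then
        echo "OK: $1 is signed by $2"
    else
        echo "WARNING: $1 signer is '$(pkgutil --check-signature "$1" | signer_of)', expected $2"
    fi
fi
```

Gatekeeper’s own verdict (`spctl --assess --type install`) would report the sample as accepted; pinning the signer is the extra step that distinguishes the expected vendor from any other valid Developer ID.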
The scareware is delivered alongside a genuine copy of Adobe Flash Player, so that the update appears to be a legitimate download from Adobe.
When run, the malware warns users of fake security threats, redirects them to potentially dangerous websites or installs malicious browser extensions.
The SANS Institute said the malware then asks for money to fix the “system problems” it claims to have identified.
Fake Flash Player updates are a common lure used by cyber criminals to trick users into downloading malicious software, so hopefully most users will not be fooled.
As always, users are advised to download Flash Player updates only from Adobe’s website.