Fake Flash Player update prompt infects Mac users with scareware

Researchers from the SANS Technology Institute discovered this new campaign and explain that the fake Flash Player update is presumably being served via malicious advertising.

At first, users are pestered with a pop-up that urges them to update their current Flash version.

If users follow the advice in the pop-up, they are tricked into installing malware that bypasses OS X’s Gatekeeper feature with a valid developer certificate.

The fake Flash Player update package is signed with a valid Apple certificate

Surprisingly, this file doesn’t trigger any warnings from OS X’s Gatekeeper because it was signed with an official Apple developer certificate issued to someone named Maksim Noskov. This means that Apple will allow you to run this malicious package without raising a single warning.
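The point above is that a valid signature says who signed a package, not whether the signer is the vendor you expect. The following added example (not from the original article or from SANS) is a shell check that reads `pkgutil --check-signature` output and pins the signer's team ID. It assumes the download is an installer package; the sample reports, the file name, the Adobe display name and both team IDs are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original article). Gatekeeper accepting a package
# means only that *some* Apple-registered developer signed it. Pin the signer
# you expect instead. Input: text printed by `pkgutil --check-signature <pkg>`.

# Constructed sample reports; file name and team IDs are placeholders.
FAKE_REPORT='Package "FlashPlayer.pkg":
   Status: signed by a developer certificate issued by Apple for distribution
   Certificate Chain:
    1. Developer ID Installer: Maksim Noskov (ZZZZZZZZZZ)
    2. Developer ID Certification Authority
    3. Apple Root CA'
VENDOR_REPORT='Package "FlashPlayer.pkg":
   Status: signed by a developer certificate issued by Apple for distribution
   Certificate Chain:
    1. Developer ID Installer: Adobe Systems, Inc. (AAAAAAAAAA)
    2. Developer ID Certification Authority
    3. Apple Root CA'
UNSIGNED_REPORT='Package "FlashPlayer.pkg":
   Status: no signature'

# Print "Name (TEAMID)" of the leaf certificate, or nothing if absent.
leaf_signer() {
    printf '%s\n' "$1" | sed -n 's/^[[:space:]]*1\. Developer ID Installer: //p' | head -n 1
}

# check_signer REPORT EXPECTED_TEAM_ID
# Returns 0 if the leaf signer carries the expected team ID, 1 if a different
# developer signed it, 2 if the package is unsigned or the report is unparsable.
check_signer() {
    signer=$(leaf_signer "$1")
    if [ -z "$signer" ]; then
        echo "REJECT: no Developer ID signer found"
        return 2
    fi
    team=$(printf '%s\n' "$signer" | sed -n 's/.*(\([A-Z0-9]\{10\}\))$/\1/p')
    if [ "$team" = "$2" ]; then
        echo "OK: $signer"
        return 0
    fi
    echo "REJECT: signed by '$signer', expected team ID $2"
    return 1
}

# Demo on the constructed reports. On a Mac the report would come from:
#   check_signer "$(pkgutil --check-signature Installer.pkg)" AAAAAAAAAA
check_signer "$FAKE_REPORT" AAAAAAAAAA || true
check_signer "$VENDOR_REPORT" AAAAAAAAAA || true
check_signer "$UNSIGNED_REPORT" AAAAAAAAAA || true
```

The first call is the case described in this article: the signature is valid, so the status line looks the same as for the vendor's package, and only the signer comparison rejects it.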

The scareware is delivered alongside a genuine version of Adobe Flash Player in an attempt to trick users into thinking the update was a legitimate download from Adobe.

When run, the malware warns users of fake security threats, redirects them to potentially dangerous websites or installs malicious browser extensions.

The SANS Institute said the malware asked for money after identifying the “system problems”.

Fake Flash Player updates are a common ploy for cyber criminals trying to trick users into downloading malicious software, so hopefully most users will not be fooled.

As always, users are advised to download Flash Player updates only from Adobe’s website.

