• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Locked

Beware of fake Flash Player update on OSX

New Here ,
Apr 12, 2018 Apr 12, 2018

Copy link to clipboard

Copied

While reading the morning paper on my MacBook Pro, a popup appeared telling me to update to the latest version of Flash Player.  I clicked to downloaded the dmg file, and noticed it was downloading from fpsdz.aspirinqueen.win.   Needless to say, this does not appear to be an Adobe site so I did not install it.   The popup looked very official, and I could find no other reports about downloads from asprinqueen.win, so I assume this is a fairly new fake install dmg.

TOPICS
OS

Views

66.0K

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Adobe Employee ,
Aug 15, 2018 Aug 15, 2018

Copy link to clipboard

Copied

It does.  Where are you getting that link from?

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Aug 15, 2018 Aug 15, 2018

Copy link to clipboard

Copied

I keeps popping up on my computer. Maybe 1 x a week

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Adobe Employee ,
Aug 15, 2018 Aug 15, 2018

Copy link to clipboard

Copied

There *is* a notification option for updates that would cause a dedicated window to open and encourage you to update.  It's not the default option, and we don't recommend it -- specifically because bad actors target users through update notifications.  Using a pop-up window in the web browser is usually the method perferred by bad actors, although modern browsers do a good job of restricting pop-up windows for the most part.

If you go to Control Panel > Flash Player > Updates and you see "Notify me to install updates" is selected, that would confirm that your system is configured to show those legitimate update dialogs.  The link you shared was a real link, so that would make sense.  If you primarily use Chrome, but you installed Flash Player for Firefox (or maybe for Adobe Acrobat) at some point, that would explain why you're getting the pop-up notification to update the NPAPI Flash Player variant.

Instead of trusting the pop-up, you can just initiate the update from the control panel by choosing "Install Now", which would allow you to avoid interacting with any pop-ups.  The update screen will also enumerate a list of the Flash Player variants you have installed and their versions.  We shipped an update yesterday, so the current version is 30.0.0.154.

I'd also highly recommend just setting that update preference to "Allow Adobe to install updates...", so that you're not wondering about whether your Flash Player is current, and/or if a pop-up dialog is legitimate.

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Aug 15, 2018 Aug 15, 2018

Copy link to clipboard

Copied

Then I get this after I click on the Grey flash puzzle piece. Doesnt look

good. Should I continue?

On Wed, Aug 15, 2018 at 1:20 PM jeromiec83223024 <forums_noreply@adobe.com>

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Adobe Employee ,
Aug 15, 2018 Aug 15, 2018

Copy link to clipboard

Copied

Oh, the forums don't do email attachments.  If you come back to the forums site, you can add them to the post through the UI.

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Dec 29, 2018 Dec 29, 2018

Copy link to clipboard

Copied

If this "fake" flash update has been installed, what to do?

[link removed]

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
LEGEND ,
Dec 29, 2018 Dec 29, 2018

Copy link to clipboard

Copied

The Flash might be perfectly fine, or not, but the fake will have installed all sorts of other things, from unwanted advertising to apps that steal your credit card and personal info, or threaten blackmail. Do not use the computer! Best to wipe the computer and start over. This will lose EVERYTHING on it, but if you have good backups you can use them. If this sounds too much for you seek professional advice on the computer now.

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
LEGEND ,
Jan 22, 2019 Jan 22, 2019

Copy link to clipboard

Copied

Please bear in mind that a fake update notification doesn't mean YOU are infected. It means the WEB SITE is infected. Ignore the message, and don't go to that site again.

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Adobe Employee ,
Jan 22, 2019 Jan 22, 2019

Copy link to clipboard

Copied

LATEST

This thread has gone circular, and I'm going to lock it.

If you've encountered a site offering fake Flash Player downloads, please send a screenshot and a fully copy of the URL(s) involved to phishing@adobe.com.

Our phishing team will follow up with appropriate actions on the website side of things.  In general, it's better to avoid posting malicious links to the forums.  We don't want anyone accidentally clicking them, and the more sophisticated delivery mechanisms engineer the URLs for one-time use (it's hard to serve a takedown notice if you can't show someone that the URL is delivering malware).

The US Federal Trade Commission has some good advice on avoiding malware in general:

https://www.consumer.ftc.gov/articles/0011-malware

https://support.microsoft.com/en-us/kb/129972

Heres the advice that I typically share to people that were either tricked into installing malware, or are seeing fake update notifications, but haven't been lured into actually running those installers:

Unfortunately, because Flash Player is installed on billions of computers, it's a common target for impersonation for people distributing malware.

As an industry, we've done a pretty good job of defending against technical attacks that allow bad guys to install software without your authorization.  In 2018, it's really difficult to do (assuming you're running a modern operating system and not something from 2005, in which case, you should get on that).

The result is that human factors are now the path of least resistance.  It's easier to trick you into installing something on behalf of the attacker, vs. figuring out how to defeat all of the security stuff required to do it without your express permission.

In general, you're better off setting everything to update automatically.  You can then go through life assuming that any update notifications you get are bogus.  This is actually what we strongly recommend, and it generally applies to anything tasked with handing untrusted communication (the operating system, your web browser, flash player, etc.).  The inconvenience of something functional breaking because of an update pales in comparison to the pain of recovering from identity theft.

Here are a few guidelines that will minimize your risk of getting tricked into installing malware:

- Wherever possible, use your operating system's App Store for downloading and updating software

- When software you want (like Flash Player) isn't available from the App Store for your operating system, always navigate directly to the vendor's website.  If you need to search for the download, that's cool -- but avoid "download" sites, and find the vendor's actual download link

- Never download stuff from a link in an email or update dialog.  Type it in.  It's easy to disguise fake URLs in links using internationalized characters and things (e is not the same as è, but it might be really easy to miss if you're not looking closely).  If it's a link from a URL shortener service like tinyurl.com/abcde or bit.ly/abcde, you don't know what the end result is going to be, and you're probably wise to just head to Google to find what you need instead.

- When the software offers automatic updates, just turn them on and stop worrying about maintaining all the moving parts running on your computer.  The threat landscape is so much different than it was 10-15 years ago.  Enable updates so that you're getting critical patches as soon as they become available.  Be confident that any subsequent update notifications are probably fake, and act accordingly (either ignore them, or consult the vendor for guidance before doing anything).

For Flash Player specifically:

Always download Flash Player from here:  https://get.adobe.com/flashplayer/

When you install, choose the default option of "Allow Adobe to Install Updates (recommended)", and we'll keep it updated for you.

Google Chrome ships Flash Player as a built-in component, and keeps it updated automatically.  There's nothing separate to download, install or configure.

Microsoft Edge and Internet Explorer on Windows 8 and higher also include Flash Player as a built-in component of their browser, and updates are handled automatically through Windows Update.  Again, as long as Windows Update is enabled, there's nothing to download or configure.

If you've actually installed malware on your machine:  

There is a large universe of unknown unknowns, but the important thing to know is that malware authors at this point are professionals.  They test against popular antivirus and cleanup tools.  Good malware is going to first establish a foothold, but the second order of business would be to ensure resilience.  If you've run cleanup tools and have removed the obvious visible signs of the malware infection, that may be adequate, but you're putting a lot of faith into the efficacy of those tools.  In most situations, it's difficult to determine whether or not you've eradicated everything that was installed, and you should weigh those risks carefully.  Without significants expertise, and/or an exhaustive and expensive forensic analysis, there are no guarantees.

If it were me, I'd probably back up all of the critical data on the machine and then burn the whole thing down and start from scratch (i.e. format the hard disk, reinstall the operating system and applications from pristine sources, install a reputable antivirus utility, scan my backups and then restore them.  I'd then go buy a password manager like LastPass/OnePass/KeyPass/etc. and set about ensuring that I have unique, strong passwords for each of the important online services that I use (including any email services that could be used to reset those passwords), and set up two-factor authentication wherever it's offered.

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines