I run Safari on an iMac. I had a screen pop up saying I needed to download a FlashPlayer update. When I read the terms and permissions it was really an attempt to lead MacCleaner Pro onto my computer. MacCleaner Pro is malware. Fortunately I didn't agree to the download and tried to back out. It took me 10 minutes to finally get rid of Mac Cleaner Pro, which had downloaded without my permission and without my agreeing to usage terms. (If you want more info on MacCleaner, google Mac Cleaner malware.) But now I'm not sure whether Mac Cleaner has used Adobe symbols falsely, or if Adobe has cut a deal with Mac Cleaner. If the latter I will never use any Adobe product again.
There are thousands of sites with fake Flash updates, many of which do worse than this.
To get Flash go to http://get.adobe.com/flash, ignore all other notifications.
If you have the URL of the site with the popup please post it, sometimes Adobe can take action.
Adobe has no relationship/agreement with Mac Cleaner. If an update notification included anything with Mac Cleaner it was malicious and not from Adobe.
If the website that generated the notification is still in your history, please send it to email@example.com. They will follow-up on the issue.
I have encountered the same issue. Why Adobe allows this to happen I cannot understand. Surely some kind of block can be developed.
I have tried several times to go to Adobe directly for the Flash Player but have had no success as the phony sites as so many. What appeared to be Adobe still had the option for MacCleaner so I chose not to continue. If the infection of this malware is even in the Adobe site something is really wrong. I have given up.
I have tried several times to go to Adobe directly for the Flash Player but have had no success as the phony sites as so many.
Go to https://get.adobe.com/flashplayer. Alternatively, go to www.adobe.com and click on the 'Adobe Flash Player' link at the bottom of the page:
If a user gets a legitimate Flash Player Update Notification and elects to update Flash via this Update Notification, the URL will begin with https://get3.adobe.com.
Always make sure you're on a secure (https) site. Every major browser vendor identifies whether or not a site is using HTTPS by using a variation of a lock icon in the address field, to the left of the URL
If the infection of this malware is even in the Adobe site something is really wrong.
Official Flash Player download sites on adobe.com do NOT include MacCleaner. There are no optional third party offerings for Mac installers.
Just for completeness, here's my advice on avoiding malware:
Sorry this happened to you. I'm going to leave some advice here for other folks that may run across this.
Unfortunately, because Flash Player is installed on billions of computers, it's a common target for impersonation for people distributing malware.
As an industry, we've done a pretty good job of defending against technical attacks that allow bad guys to install software without your authorization. In 2018, it's really difficult to do (assuming you're running a modern operating system and not something from 2005, in which case, you should get on that).
The result is that human factors are now the path of least resistance. It's easier to trick you into installing something on behalf of the attacker, vs. figuring out how to defeat all of the security stuff required to do it without your express permission.
In general, you're better off setting everything to update automatically. You can then go through life assuming that any update notifications you get are bogus. This is actually what we strongly recommend, and it generally applies to anything tasked with handing untrusted communication (the operating system, your web browser, flash player, etc.). The inconvenience of something functional breaking because of an update pales in comparison to the pain of recovering from identity theft.
Here are a few guidelines that will minimize your risk of getting tricked into installing malware:
- Wherever possible, use your operating system's App Store for downloading and updating software
- When software you want (like Flash Player) isn't available from the App Store for your operating system, always navigate directly to the vendor's website. If you need to search for the download, that's cool -- but avoid "download" sites, and find the vendor's actual download link
- Never download stuff from a link in an email or update dialog. Type it in. It's easy to disguise fake URLs in links using internationalized characters and things (e is not the same as è, but it might be really easy to miss if you're not looking closely). If it's a link from a URL shortener
service like tinyurl.com/abcde or bit.ly/abcde, you don't know what the end result is going to be, and you're probably wise to just head to Google to find what you need instead.
- When the software offers automatic updates, just turn them on and stop worrying about maintaining all the moving parts running on your computer. The threat landscape is so much different than it was 10-15 years ago. Enable updates so that you're getting critical patches as soon as they become available. Be confident that any subsequent update notifications are probably fake, and act accordingly (either ignore them, or consult the vendor for guidance before doing anything).
For Flash Player specifically:
Always download Flash Player from here: https://get.adobe.com/flashplayer/
When you install, choose the default option of "Allow Adobe to Install Updates (recommended)", and we'll keep it updated for you.
Google Chrome ships Flash Player as a built-in component, and keeps it updated automatically. There's nothing separate to download, install or configure.
Microsoft Edge and Internet Explorer on Windows 8 and higher also include Flash Player as a built-in component of their browser, and updates are handled automatically through Windows Update. Again, as long as Windows Update is enabled, there's nothing to download or configure.
Also, while you've manually cleaned up the stuff that you can see, you installed malware on your machine. There's a large universe of unknown unknowns, but the malware guys at this point are generally professionals. They test against the popular antivirus and cleanup tools. While you've removed the obvious visible signs of the malware infection, you're putting a lot of faith into the tools that you used. This sort of requires a gut-check on your part about what your risk tolerance and confidence level is. It also depends on what you do with the computer (health care, banking, etc.). Good malware is going to first establish a foothold, but the second order of business would be to ensure resilience. Without an exhaustive (and expensive) forensic analysis, there are no guarantees that you've eradicated everything that was installed.
If it were me, I'd probably back up all of the critical data on the machine and then burn the whole thing down and start from scratch (e.g. format the hard disk, reinstall the operating system and applications from pristine sources, install a reputable antivirus utility, scan my backups and then restore them. I'd then go buy a password manager like LastPass/OnePass/KeyPass/etc. and set about ensuring that I have unique, strong passwords for each of the important online services that I use (including any email services that could be used to reset those passwords), and set up two-factor authentication wherever it's offered.
Thank you. Very helpful and very appreciated.
On Wed, Dec 12, 2018 at 1:26 PM jeromiec83223024 <firstname.lastname@example.org>