Locked

Installing Flash from Schwab.com

New Here, Sep 26, 2017


Hello, I tried installing Flash this morning and it took over my Safari by wiping my home page and opened a booking.com app which installed on my computer. Is this normal?

Adobe Employee, Sep 26, 2017


No. The official Flash Player installer will not modify the user's home page, nor install a booking.com app.


When you were prompted to download/install, were you in an area of the schwab.com site that requires log-in to access? If not, please provide the link to the exact location where you were prompted to download/install Flash.

Thank you.

New Here, Sep 28, 2017


I can't remember where I was, but I have since removed the Mac cleaner app that I found in my Applications folder, which was installed.

Do I still need to reinstall my OS and wipe my machine?

Adobe Employee, Sep 28, 2017


It totally depends on your risk tolerance. The software you installed was pretty shady. Without an expert forensic evaluation (which would be time-consuming and prohibitively expensive), it's hard to know what it did. If the installer left a little utility behind that logs your keystrokes and sends them home, that's a big problem even if you do change all of your passwords. (Two-factor authentication might help to some degree, since an attacker would still need access to your phone, or at least pretty comprehensive control over your computer.)

You're putting a lot of trust in that cleaner utility to have detected every possible method malware could use to hide on the system, and the malware guys are really good.  We're long past the "kids in basements" days.

So yeah, there's a chance that maybe it was just relatively benign adware, but you're rolling the dice.  If it were me, I'd sleep better knowing that I was doing my banking on a pristine machine that I trusted.

New Here, Sep 28, 2017


Thank you, I will do as you recommend. Much appreciated.

Adobe Employee, Sep 27, 2017


In all likelihood, it sounds like you were tricked into downloading malware designed to impersonate a legitimate Flash Player download. Unfortunately, because Flash Player is ubiquitous, it's a great choice for bad actors looking to get you to install something. As technical controls become increasingly difficult to exploit, attackers increasingly focus on human factors, which are easier to trick.

Given that you were working with important financial services at the time, you might want to take a few minutes to go find a clean computer and change the passwords for that and any other important services you might have used since performing that installation.

Once you've done that, you should probably think about reverting the machine to a state prior to doing that installation.  If this is a work computer, I'd recommend talking to your IT department today.  If this is a personal machine, and you've got Time Machine (or some other solution) backups, that should be a straightforward exercise.

If you don't have good backups and it's your personal machine, you have a bit of a mess on your hands; however, if you're using that machine for accessing important services like banking and healthcare, it's probably wise to deal with the problem. The most thorough approach would be to copy off any important files, then just wipe the machine and reinstall macOS. If that's intimidating or particularly ugly, you might want to seek out expert help on that front.

Adobe Employee, Sep 27, 2017


Also, since you're probably stuck changing passwords and cleaning this up, this would be a great time to enable two-factor authentication on important accounts like your email and financial services.  You would also be wise to switch to a password manager that will create and keep track of unique passwords for each site that you use.  That way, if a site you used is compromised, you don't need to worry about those credentials exposing all of the other services that you use.

There's a good list of options here:

Best Password Managers of 2017 - LastPass vs. True Key vs. 1Password

Finally, if you don't have backups, you might look at enabling Time Machine on Mac, and/or using a third-party cloud service (off-site backups are great defenses against fires and ransomware).  There's a list of services here: https://www.cloudwards.net/cloud-backup-for-mac/
