Security experts at Intego are warning Apple Mac users of a new in-the-wild malware threat, which masquerades as an installer for Adobe Flash Player.
The malware, which Intego says appears to be a variant of OSX/Shlayer and OSX/Bundlore, was found hiding on webpages after searching Google for the “exact titles of YouTube videos”:
Download free Adobe Flash Player software for your Windows, Mac OS, and Unix-based devices to enjoy stunning audio/video playback, and exciting gameplay. Adobe Flash Player 32 (Win, Mac & Linux) debugger (aka debug player or content debuggers) and standalone (aka projectors) players for Flex and Flash developers. – Updated debugger and standalone versions of Flash Player. Flash Player can now take advantage of native support for 64-bit operating systems and 64-bit web browsers on Linux®, Mac OS, and Windows®. Multi-threaded video decoding. Deliver live streaming and real-time interactive video with improved playback performance and increased frame rates of high bit rate content running on Windows, Mac OS,. Access to the flash player version of the game (and our 059 Client) will remain online for the forseeable future. DECA plans to phase out access to the flash client eventually, but not after rigorous testing of Unity Exalt with the full playerbase. For now, Exalt is only available on Mac and Windows. Download flash projector for Realm of the Mad God Download the Flash Player projector Download run flashplayer32sa.exe (its projector, not basic flash player).
While searching Google for the exact titles of YouTube videos, Intego’s research team encountered Google search results that, when clicked, pass through multiple redirection sites and end up on a page that claims the visitor’s Flash Player is out of date, and displays deceptive warnings and fake dialog boxes to entice the victim to download a supposed Flash Player updater—which is, in fact, a Trojan horse.
Using the disguise of an Adobe Flash Player update is hardly new for malware, even on Apple Macs, but what is more unusual is how the malware attempts to hide its activities from both the computer user and security software.
According to Intego’s chief security analyst Joshua Long, the bogus Flash installer app is in reality a bash shell script.
Music Download For Mac
The malicious script spews out a password-protected .ZIP archive file, containing a malicious app that is installed in a hidden temporary folder. This app, in turn, downloads a legitimate installer for Flash Player digitally-signed by Adobe in an attempt to not arouse suspicion.
However, the malicious app also has the ability to download further malware and adware from command-and-control servers operated by whoever is orchestrating the attack.
Frankly, in the year 2020, you probably shouldn’t be installing any versions of Flash on your computer – whether they be legitimate or bogus. There are virtually no sites that still rely upon Flash, and even Adobe is keen for you to forget all about it.
Best Flash Player For Rotmg
Stop making life easy for cybercriminals. Ensure that you don’t have Adobe Flash lingering on any of your computers, and then you’ll know for certain that any prompts to update it can only be malicious. :)
And, of course, all Mac users should be running an up-to-date anti-virus program, and exercising caution about the software they install onto their computers.
Free Downloads For Mac
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.