Resolved Fake Flash update: How did this happen?

Discussion in 'macOS' started by Nermal, Sep 30, 2011.

  1. Nermal, Sep 30, 2011
    Last edited: Oct 1, 2011

    Nermal Moderator

    Staff Member

    Joined:
    Dec 7, 2002
    Location:
    New Zealand
    #1
    I read the news earlier this week about the fake Flash update, and I just ran into it. I'm not sure how it happened though!

    I'm using Safari and while visiting a site I had "Flash Player Install Manager" open itself and try to get me to continue, with dire warnings of security issues if I didn't update (I wish I'd taken a screenshot). However, Safari's Downloads window was empty and no DMG (or any other filetype) was added to my download folder.

    Is this a newer, more "silent" type of attack? I force quit the installer and for good measure installed the latest Flash from Adobe's site, but I'm not sure how this "updater" managed to sneak onto my system! Any ideas? Should I look for any particular files that may now be hiding on my system? I don't see anything odd in Activity Monitor.

    Thanks :eek:

    Edit: False alarm, see posts 10 and 11 for details.
     
  2. JDrive macrumors member

    Joined:
    Jun 3, 2010
    #2
    You shouldn't be infected unless you have the ~/Library/Preferences/Preferences.dylib file.
     
  3. Nermal thread starter Moderator

    Staff Member

    Joined:
    Dec 7, 2002
    Location:
    New Zealand
  4. Badrottie Suspended

    Joined:
    May 8, 2011
    Location:
    Los Angeles
    #4
    It happened to my Windows PC and it caused a virus... I thought it was real Flash when I downloaded it. :(
     
  5. Macman45 macrumors demi-god

    Joined:
    Jul 29, 2011
    Location:
    Somewhere Back In The Long Ago
    #5
    Flash Never

    ....Comes with dire warnings, Beware!
     
  6. mrgraff macrumors 6502a

    Joined:
    Apr 18, 2010
    Location:
    Albuquerque
    #6
    Was it an actual application, complete with its own menu bar? Or one of those extremely real looking and convincing pop-up windows that often trick PC users into downloading an antivirus product that is itself a nasty piece of malware?
     
  7. Nermal thread starter Moderator

    Staff Member

    Joined:
    Dec 7, 2002
    Location:
    New Zealand
    #7
    It had a menu bar and dock icon. It was actually executable code running on my machine, which is why I'm so concerned about it!
     
  8. basher macrumors 6502

    Joined:
    May 27, 2011
    Location:
    Glendale, AZ USA
    #8
    Is this the item you're referring to?

     
  9. Nermal thread starter Moderator

    Staff Member

    Joined:
    Dec 7, 2002
    Location:
    New Zealand
    #9
  10. Mal macrumors 603

    Joined:
    Jan 6, 2002
    Location:
    Orlando
    #10
    I had the same thing happen, and I'm not sure it's fake. I think what happened was that when you loaded a page that had a Flash element, Adobe's notification system sent a message to the Flash Updater on your system (it's a separate app that already exists, not 100% sure where it resides though), which then launched and prompted you to update. I reacted the same way you did, but I think it may have been legit after all. That explains why there was no download in Safari, though, because nothing actually was downloaded.

    jW
     
  11. Nermal, Oct 1, 2011
    Last edited: Oct 1, 2011

    Nermal thread starter Moderator

    Staff Member

    Joined:
    Dec 7, 2002
    Location:
    New Zealand
    #11
    Hmm, interesting. In eight years of using OS X I've never had it pop up like that. Of course, it could be a new feature in Flash 10.3 that just happens to have bad timing with the malware discovered in August.

    I was on a legitimate site (amd.com) at the time, and I also see that Flash Player Install Manager is sitting in my Utilities folder and that its Created and Modified timestamps are both set to when I manually reinstalled Flash. It looks like it is legitimate, after all!

    Sorry to everyone for the false alarm, although I'm sure that you can see why I was concerned :)
     
  12. r0k macrumors 68040

    Joined:
    Mar 3, 2008
    Location:
    Detroit
    #12
    I have disabled updates on every piece of software on my system except Apple and Chrome. Those other companies can send me requests which I continue to ignore. Flash isn't a huge security issue for me updated or not because I don't own a browser without a flashblock plugin that defaults to active (blocked).
     
