7 Replies Latest reply on Oct 11, 2018 3:58 PM by ryans32488126

    Adobe's 'Partner' 2144 in China has suspicious malware actions in Flash Player distribution

    horseluke Level 1

      1. Background



      In Feb 2018, Adobe now distribute Adobe Flash Player in China with Partner 2144 (https://wwwimages2.adobe.com/content/dam/acom/cn/about-adobe/newsroom/pdfs/【媒体快讯】Adobe与214 4合作在中国大陆发行Flash%20Player_3.pdf ). But it seems that 2144 has some suspicious malware actions in Flash Player distribution. Previous discussion can be found in adobe forum, like:







      Now, it contains a new  suspicious malware action: prompt advertisements using disguise mataintance service.



      2. Problem detail: disguise mataintance service



      When installing Adobe Flash Player 30 in 2144 distribution, it install a service named "Flash Helper Service". Description of  "Flash Helper Service" says "Flash Player update assistant service…send anonymous usage to 2144…".




      But In fact, this disguise mataintance service also  prompt advertisements that user does not needed. This can be harmed to enterprise user.





      Another user reported, if user disable this service, Flash player can not run:




      In weibo, some users complain about  2144 distribution. A post pointed out that "Flash v30.0.0.113 seems lock region": http://weibo.com/5664614383/GkthLBSxp?refer_flag=1001030103_








      3. Affected



      All users in China using Adobe Flash Player by 2144 distribution



      4. Suggestion



      4.1 For customer


      If needed, remove flash player and wait for Adobe reaction.


      This action should be taken in enterprise in which need high security level.


      4.2 For Adobe


      It has been harmed to Adobe reputation. Adobe should revoke 2144 parentship.


      Adobe should distribute Adobe Flash Player by own server, and provide clean offline Adobe Flash Player installation.