7 Replies Latest reply on Oct 11, 2018 3:58 PM by ryans32488126

    Adobe's 'Partner' 2144 in China has suspicious malware actions in Flash Player distribution

    horseluke Level 1

      1. Background

       

       

      As of Feb 2018, Adobe distributes Adobe Flash Player in China with partner 2144 (https://wwwimages2.adobe.com/content/dam/acom/cn/about-adobe/newsroom/pdfs/【媒体快讯】Adobe与2144合作在中国大陆发行Flash%20Player_3.pdf ). But it seems that 2144 has some suspicious malware actions in its Flash Player distribution. Previous discussions can be found in the Adobe forum, such as:

       

       

      https://forums.adobe.com/message/10449812#10449812

       

      https://forums.adobe.com/docs/DOC-9203

       

      Now, it contains a new suspicious malware action: prompting advertisements using a disguised maintenance service.

       

       

      2. Problem detail: disguised maintenance service

       

       

      When installing Adobe Flash Player 30 from the 2144 distribution, it installs a service named "Flash Helper Service". The description of "Flash Helper Service" says "Flash Player update assistant service…send anonymous usage to 2144…".

       


       

      But in fact, this disguised maintenance service also prompts advertisements that the user does not need. This can be harmful to enterprise users.

       


       

       

      Another user reported that if the user disables this service, Flash Player cannot run:

      http://bbs.ngacn.cc/read.php?tid=14168850&rand=384

       

       

      On Weibo, some users complain about the 2144 distribution. A post pointed out that "Flash v30.0.0.113 seems lock region": http://weibo.com/5664614383/GkthLBSxp?refer_flag=1001030103_

       

       


       

       

       

       

      3. Affected

       

       

      All users in China using Adobe Flash Player from the 2144 distribution

       

       

      4. Suggestion

       

       

      4.1 For customers

       

      If needed, remove Flash Player and wait for Adobe's reaction.

       

      This action should be taken in enterprises that need a high security level.

       

      4.2 For Adobe

       

      It has harmed Adobe's reputation. Adobe should revoke the 2144 partnership.

       

      Adobe should distribute Adobe Flash Player from its own servers, and provide a clean offline Adobe Flash Player installation.
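
For administrators who want to check endpoints for the service described in section 2, the following is an added example, not part of the original post and not Adobe's or 2144's tooling. It assumes the quoted string "Flash Helper Service" may appear as either the service name or the display name, and that the description mentions "2144" as quoted above; the function names are hypothetical.

```powershell
# Added example (not from the post): inventory matching Windows services.
# Only the strings 'Flash Helper Service' and '2144' come from the post.
$NamePattern = '*Flash Helper Service*'   # assumption: may be Name or DisplayName
$DescPattern = '*2144*'                   # assumption: description mentions 2144

function Get-ServiceBinaryPath {
    param([string]$PathName)
    # Win32_Service.PathName can be quoted and can carry arguments.
    if ($PathName -match '^\s*"([^"]+)"')      { return $Matches[1] }
    if ($PathName -match '(?i)^\s*(.+?\.exe)') { return $Matches[1] }
    return $null
}

function Get-SuspectServiceReport {
    $hits = Get-CimInstance -ClassName Win32_Service | Where-Object {
        $_.Name -like $NamePattern -or
        $_.DisplayName -like $NamePattern -or
        $_.Description -like $DescPattern
    }
    foreach ($svc in $hits) {
        $bin    = Get-ServiceBinaryPath $svc.PathName
        $exists = $bin -and (Test-Path -LiteralPath $bin -PathType Leaf)
        $sig    = if ($exists) { Get-AuthenticodeSignature -LiteralPath $bin }
        [pscustomobject]@{
            Computer    = $env:COMPUTERNAME
            Name        = $svc.Name
            DisplayName = $svc.DisplayName
            State       = $svc.State
            StartMode   = $svc.StartMode
            RunsAs      = $svc.StartName
            Binary      = $bin
            SigStatus   = if ($sig) { [string]$sig.Status } else { 'BinaryNotFound' }
            Signer      = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject }
            SHA256      = if ($exists) { (Get-FileHash -LiteralPath $bin -Algorithm SHA256).Hash }
        }
    }
}

$report = @(Get-SuspectServiceReport)
if ($report.Count -eq 0) { 'No matching service found on this host.' }
else { $report | Format-List }
```

The description match on "2144" is deliberately broad, so review each hit's binary path and signer before acting on it.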