9 Replies Latest reply on Mar 1, 2017 2:21 PM by martinbay

    Fake Flash Install

    herrendez Level 1

      So I was prompted the other day to update Flash player. Everything looked just as it normally does so I continued to download and install the update to flash, however, after downloaded in noticed something that cause me concern. It had to do with the URL: https://get3.adobe.com/flashplayer/update/ppapiosx/

      The little "3" after "get" didn't look familiar. What I need to know is if this is a legit link? If not I need to search for this rouge app and delete it, if at all possible Here is an image of the file in question.

      Screen Shot 2016-09-12 at 9.55.23 AM.png.

        • 1. Re: Fake Flash Install
          m_vargas Adobe Employee

          @herrendez

           

          Yes, that is a legitimate URL.  Thanks for checking before installing.

           

          --

          Maria

          • 2. Re: Fake Flash Install
            herrendez Level 1

            This eases my mind. Thank you so much!

            • 3. Re: Fake Flash Install
              TFF3 Level 1

              I received a message  today from a legit site I use daily that my Flash Player needed an update.  I thought I  was updating my Flash Player only to find a obnoxious and aggressive  sell ad locking my screen. It was for an offshore scam operation called "Advanced Mac Cleaner". Shut down and powered back up.

               

              I had not heard of this particular software or seen it before. The Flash icon appeared to be legit.  I then found both a "Flash" installer app with today's date as well as the Advanced Mac  bearing  today's date. I trashed both.

               

              Is it possible for these scammers to piggyback on a legit Flash Player install?  Or do they just copy the Flash Player icon? Does Adobe take any actions to disrupt their operation? Is there an Adobe contact to report such?

              • 4. Re: Fake Flash Install
                markl11848571 Level 1

                I received a pop-up message today which asked me to update my flash player.

                When I downloaded the files, I suspected this may be a phishing file and had a slightly different file name than that on the Adobe site. The file on the right side is from the Adobe web site and has a has a create date of June 21, 2016 and a file size of 2.4 MB. The file on the left is from the pop-up and is much smaller (0.77 MB) and has a create date of 9-12-2016.

                Assuming the install program from the Adobe website is correct, but looking for confirmation and advice to block this realistic looking pop-up.

                 

                markl11848571Adobeflashplayer versions phish or no phish? au?.png

                • 5. Re: Fake Flash Install
                  m_vargas Adobe Employee

                  Hi TFF3

                   

                  It is absolutely possible for scammers to piggyback on legit Flash Player installers, and unfortunately they do.  Thanks to your sharp eye you didn't fall prey to installing some unwanted program on your system.  Adobe does take action to disrupt them.  If you have the URL from where you downloaded the fake installer from you can either private message it to me or send it directly to phishing@adobe.com (see Notifying Adobe of Security Issues).

                   

                  --

                  Maria

                  • 6. Re: Fake Flash Install
                    m_vargas Adobe Employee

                    Hi markl11848571 ,

                     

                    Based on the info provided it's possible both are legit, but the June 21 date is a odd. The info from the screenshot on the left seems to be the info from the DMG file, whereas the info from the screenshot on the right seems to be the info from the .app file. Please do the following:

                     

                    • Mound the DMG file for each file
                    • Open Terminal (/Applications/Utilities/Terminal.app
                    • At the prompt type: codesign -vvd then drag and drop the APP from the mounted DMG onto the Terminal app.  It'll look something like: codesign -vvd /Volumes/Adobe\ Flash\ Player\ Installer/Install\ Adobe\ Flash\ Player.app
                    • Hit Enter
                    • Copy and paste the results for both files in your reply

                     

                    --

                    Maria

                    • 7. Re: Fake Flash Install
                      martinbay Level 1

                      Maria, I got a Flash Out-of-date pop-up notice.  Looked like it came from Adobe.  Downloaded.  Pfish crap.  MacCleaner piggy-backed.  Totally annoying.  Now I need to clean my Mac of Mac Cleaner...  I will kill that company...

                       

                      -- Martin

                      Digital Creative Director

                      • 8. Re: Fake Flash Install
                        m_vargas Adobe Employee

                        Hi martinbay ,

                         

                        I'm sorry that happened.  On occasion (when I have time) I perform internet searches for fake flash player installers and forward them to our fraud/phishing team.  I'm very, very familiar with the Flash Player branding, and the branding on our download page, and sometimes I'm amazed at the branding on some of these fake flash sites/installers looks like the official branding.  Sometimes it's just one or two words off and this is something the average user wouldn't know.  A few ways to avoid downloading a fake installer:

                        • Opt into background updates - when an update is found it's downloaded and installed silently in the background without user interaction. This is the quickest way to update Flash Player after a new version is available.
                        • When you get a pop-up notification announcing a new version is available, close the pop-up and go to https://get.adobe.com/flashplayer to download the latest version.  This page performs OS/browser detection and offers the appropriate plugin for that os/browser combination.  If you use multiple browsers, you can repeat this for each browser, or go to get.adobe.com/flashplayer/otherversions and download the installers for the various browsers you use.

                         

                        --

                        Maria

                        • 9. Re: Fake Flash Install
                          martinbay Level 1

                          800-722-4077 was the phish number that connected to India...

                           

                          Sent from my iPhone