This eases my mind. Thank you so much!
I received a message today from a legit site I use daily that my Flash Player needed an update. I thought I was updating my Flash Player only to find a obnoxious and aggressive sell ad locking my screen. It was for an offshore scam operation called "Advanced Mac Cleaner". Shut down and powered back up.
I had not heard of this particular software or seen it before. The Flash icon appeared to be legit. I then found both a "Flash" installer app with today's date as well as the Advanced Mac bearing today's date. I trashed both.
Is it possible for these scammers to piggyback on a legit Flash Player install? Or do they just copy the Flash Player icon? Does Adobe take any actions to disrupt their operation? Is there an Adobe contact to report such?
I received a pop-up message today which asked me to update my flash player.
When I downloaded the files, I suspected this may be a phishing file and had a slightly different file name than that on the Adobe site. The file on the right side is from the Adobe web site and has a has a create date of June 21, 2016 and a file size of 2.4 MB. The file on the left is from the pop-up and is much smaller (0.77 MB) and has a create date of 9-12-2016.
Assuming the install program from the Adobe website is correct, but looking for confirmation and advice to block this realistic looking pop-up.
It is absolutely possible for scammers to piggyback on legit Flash Player installers, and unfortunately they do. Thanks to your sharp eye you didn't fall prey to installing some unwanted program on your system. Adobe does take action to disrupt them. If you have the URL from where you downloaded the fake installer from you can either private message it to me or send it directly to firstname.lastname@example.org (see Notifying Adobe of Security Issues).
Hi markl11848571 ,
Based on the info provided it's possible both are legit, but the June 21 date is a odd. The info from the screenshot on the left seems to be the info from the DMG file, whereas the info from the screenshot on the right seems to be the info from the .app file. Please do the following:
- Mound the DMG file for each file
- Open Terminal (/Applications/Utilities/Terminal.app
- At the prompt type: codesign -vvd then drag and drop the APP from the mounted DMG onto the Terminal app. It'll look something like: codesign -vvd /Volumes/Adobe\ Flash\ Player\ Installer/Install\ Adobe\ Flash\ Player.app
- Hit Enter
- Copy and paste the results for both files in your reply
Maria, I got a Flash Out-of-date pop-up notice. Looked like it came from Adobe. Downloaded. Pfish crap. MacCleaner piggy-backed. Totally annoying. Now I need to clean my Mac of Mac Cleaner... I will kill that company...
Digital Creative Director
Hi martinbay ,
I'm sorry that happened. On occasion (when I have time) I perform internet searches for fake flash player installers and forward them to our fraud/phishing team. I'm very, very familiar with the Flash Player branding, and the branding on our download page, and sometimes I'm amazed at the branding on some of these fake flash sites/installers looks like the official branding. Sometimes it's just one or two words off and this is something the average user wouldn't know. A few ways to avoid downloading a fake installer:
- Opt into background updates - when an update is found it's downloaded and installed silently in the background without user interaction. This is the quickest way to update Flash Player after a new version is available.
- When you get a pop-up notification announcing a new version is available, close the pop-up and go to https://get.adobe.com/flashplayer to download the latest version. This page performs OS/browser detection and offers the appropriate plugin for that os/browser combination. If you use multiple browsers, you can repeat this for each browser, or go to get.adobe.com/flashplayer/otherversions and download the installers for the various browsers you use.
800-722-4077 was the phish number that connected to India...
Sent from my iPhone