New OS X malware masquerades as flash upgrade

Report · Sep 28, 2011

There is a new mac os x trojan which tricks the user by posing as a flash upgrade. I downloaded a file which may be the trojan last week. It is called install_flash_player_osx_intel.dmg, and it is size 6,376,888 bytes. Today I went to get.adobe.com manually and downloaded the legitimate install_flash_player_osx_intel.dmg, and it is size 6,365,350 bytes.

I also acquired an application last Wednesday at the same time as the install_flash_player_osx_intel.dmg appeared, called 'Adobe Flash Player Install Manager' in my /Applications/Utilities directory.

Is the 6,376,888 bytes file legit? Is '/Applications/Utilities/Adobe Flash Player Install Manager' legit? Is there any published hash values for adobe software or other tools to ensure that what users download is the real software?

(Is everyone -- like me -- who turned on the 'Check for updates automatically' in the Flash pane of System Preferences a complete fool? Ok, I know the answer to that. *sigh*)

Report · Sep 30, 2011

> Is '/Applications/Utilities/Adobe Flash Player Install Manager' legit?

Using flashplayer11_rc1_install_mac_090611.dmg from Adobe, Install Adobe Flash Player.app does write to that path. Here's an fseventer view of things:

Adobe Community

New OS X malware masquerades as flash upgrade