Malware Peddlers Install Ransomware Through Fake Adobe Flash Player Download Sites

Adobe Flash, with its long lineage of providing Internet-connected computers with a platform for specialized multimedia and motion graphics, has been through hell and back when it comes to malicious exploits and vulnerabilities. While Flash remains on a non-stop roller coaster as a gateway for hackers to exploit computers, it now faces a new problem: a rise in fake Flash Player download pages peddling malware on the Internet.

The latest attack against Adobe Flash is an epidemic of hackers creating sites to spoof Adobe's legitimate website. These sites offer up downloads of Adobe Flash or an update to the highly targeted multimedia platform software.

The screenshot in Figure 1 below shows a recently discovered Adobe Flash Player spoof site using a shady URL. Security analysts from Symantec first analyzed the scam and found that it is a two-pronged attack: one avenue uses a pop-up notification to download a fake Flash Player, while the other guides users to a simple "Download Now" button.

Figure 1 - Fake Adobe Flash Player download site attempting to spread malicious "update_flash_player.exe" file.

If either the pop-up or the "Download Now" button is clicked, PC users will be prompted to download a file named "flash_player_updater.exe" or "update_flash_player.exe". Fortunately for us, we have been down this road before and outlined many cases where malware peddlers have utilized a fake Flash Player with a name similar to "flash_player_updater.exe". In those instances, the file was found to infect a computer with malware.

Computer users aware of Adobe Flash's many known vulnerabilities habitually keep their Flash Player updated at all times, precisely to prevent incidents like the latest rash of fake Flash Player files circulating on the Internet. Although these users have taken the proactive road, they may still be unaware of the roadblock ahead: running across a mimicked Adobe Flash Player site. The only computer users who may stay clear of this roadblock are those who opt to update their Flash Player automatically. Those who perform an Internet search for the latest Flash Player could easily run into one of these malicious sites, which do an excellent job of resembling the legitimate Adobe Flash Player site.

Knowing that these fake Adobe sites exist, PC users can look for specific indicators that give away a counterfeit site. One indicator that researchers have pointed to is the URL. If it resembles "http://16.a[REMOVED]rks.com/adobe/", then you may have run into one of the malicious sites. Moreover, if clicking the "Download Now" button on a fake Adobe Flash Player site brings up error pages, that may be a clear indication that the link or site is malicious as well.

In case you are wondering what exactly the malware spread by these fake Adobe Flash Player sites does, look no further than your common Trojan designed to steal passwords from a compromised system, adware that displays repeated advertisements with potentially malicious links, or a ransomware threat pretending to be the FBI or Interpol and demanding payment of a large fine for purportedly doing something illegal online. In any situation, Adobe Flash Player should be downloaded or updated directly from the Adobe.com website.
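The URL indicator and the "download only from Adobe.com" advice above can be turned into a simple check, shown here as an added example that is not from Symantec or the original article. It goes slightly beyond the one URL quoted above by also covering look-alike hosts; the function names and the `.example` sample hosts are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# File names the article reports the fake sites serving.
REPORTED_FILENAMES = {"flash_player_updater.exe", "update_flash_player.exe"}
TRUSTED_DOMAIN = "adobe.com"  # the vendor site the article says to use


def is_vendor_host(host):
    """True only for adobe.com itself or a subdomain of it."""
    host = host.rstrip(".").lower()
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)


def assess_download_url(url):
    """Return reasons a Flash download URL looks counterfeit (empty list = none)."""
    parts = urlsplit(url)
    host = parts.hostname or ""  # hostname drops any "user@" prefix and the port
    if is_vendor_host(host):
        return []
    reasons = ["host is not adobe.com"]
    # The brand name in the path or in a left-hand label proves nothing.
    if "adobe" in host or "adobe" in parts.path.lower():
        reasons.append("'adobe' appears outside the registered domain")
    if parts.path.rsplit("/", 1)[-1].lower() in REPORTED_FILENAMES:
        reasons.append("file name matches a reported fake updater")
    return reasons


# Constructed sample URLs; the .example hosts are placeholders, not real indicators.
SAMPLE_URLS = [
    "https://www.adobe.com/downloads/flash.exe",
    "http://16.fake-host.example/adobe/update_flash_player.exe",
    "https://adobe.com.updates.example/flash_player_updater.exe",
    "https://adobe.com@downloads.example/install.exe",
]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(url, "->", assess_download_url(url) or "no indicators")
```

The check compares the parsed host name rather than searching the whole URL for "adobe", which is why a URL with "/adobe/" in its path, like the one quoted above, is still flagged.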

2 Comments

  • phill:

    Nearly every web page that I load goes to this fake Adobe installer after around 20 seconds. Not only this, but when I open a new tab and don't move to a new web page, an audio clip plays about "how to teach your dog to shake hands". Both these issues started at the same time. I use Chrome.

  • talleyb:

    I had gotten irritated at the number of times I had to deal with the pop-up telling me to update my Adobe Flash. So, I gave it the 'go ahead', and two days later, all my files had been encrypted. Spyhunter4 allowed me to remove the ransomware virus, but that does NOT get your files back. 8,755 photos had, thankfully, been previously backed to an external drive. I still lost hundreds of family photos and tons of genealogy information. Lesson learned! Now I back up everything daily. But also, I'm now afraid to run Adobe updates at all! Even from their own website!