Beware of fake flash player updates

Sicherheit[German]A warning to people who are currently checking the Internet for updates to Adobe Flash Player. There are apparently already fake sites that try to push malware onto the user’s systems.


Advertising

Some background

There is a zero-day vulnerability in Adobe Flash Player CVE-2018-4878. After a warning from the Korean CERT, that the Zero Day vulnerability is being exploited, Adobe has also released a Security Advisory. Details can be found in my blog post New Adobe Flash Zero-Day exploit in the wild.

Adobe had announced an update of the Flash Player version 28.0.0.0.161 for February 5, 2018. An update is being rolled out (see my blog post Adobe Flash Player: New Update 28.0.0.161). Within this article I pointed out, how to obtain the Flash Player update from Adobe.

Fake-Sites offering Malware

According to a report at Bleeping Computer, there are first fake sites that try to push a Flash Player installer with PUPs onto the user systems. Lawrence Abrams from Bleeping Computer visited such a website. During visit of the Fake ‘Adobe Flash Player Update page’ a popup appears. The popup contains a message, that the Flash Player is outdated and needs to be updated. If the user accepts to install the Flash Player, the browser downloads a file java-player.exe and installs a crypto miner. Go to my blog post Adobe Flash Player: New Update 28.0.0.161 and use the links within my article to obtain the updates from Adobe.

Similar articles:
New Adobe Flash Zero-Day exploit in the wild
How to disable Adobe Flash Player in Windows 8, 8.1, 10
Adobe Flash Player: New Update 28.0.0.161
Adobe Flash Player version 28.0.0.137 released


Cookies helps to fund this blog: Cookie settings
Advertising


This entry was posted in Security, Update and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *