Fake Flash Player Update Infects Macs with Scareware [Updated]. Posted on February 5th, 2016 by Graham Cluley. Anyone who has been using computers for any length of time should (hopefully) be aware of the endless ritual of updating Adobe Flash against security vulnerabilities.
Mar 23, 2013. Fake Adobe Flash Player Installer and Redirect Virus. Adobe Flash Player Installer is a genuine bit of software, but nasty virus creators have made a Fake Adobe Flash Player Installer.
There's a fake Flash Player update scam doing the rounds on the Internet, tricking users into installing a legitimate update, but also bundling the Adobe Flash Player package with scareware. The researchers from the SANS Technology Institute discovered this new campaign, and they explain that the fake Flash Player update is presumably being served via malicious advertising.
While they’re much less vulnerable than their Windows-based counterparts, Macs are still susceptible to contracting malware. Macs have even been infected by Windows-based malware cleverly disguised as award-winning titles like Adobe’s Flash Player. In fact, malware disguised as Flash Player is “particularly favored” among nefarious actors trying to exploit macOS machines, 9to5mac notes.
And while software like Malwarebytes is designed to scan for and remove potentially malicious software automatically, according to a blog post published by the security firm this week, there’s a new and much more aggressive variant of Flash Player malware currently on the loose — described in the post as a version of Crossrider adware capable of protecting itself from removal.
Essentially, the downloadable Flash plug-in is capable of changing the home page in both Apple’s Safari and Google’s Chrome web browser on macOS computers and, disturbingly, won’t allow users to change it back once it’s installed.
“After removing Advanced Mac Cleaner, and removing all the various components of Crossrider that have been littered around the system, there’s still a problem. Safari’s homepage setting is still locked to a Crossrider-related domain, and cannot be changed,” the firm explains, noting how “It turns out that this is caused by a configuration profile installed on the system by the adware.”
“Configuration profiles provide a means for IT admins in businesses to control the behavior of their Macs. These profiles can configure a Mac to do many different things, some of which are not otherwise possible.”
How to Delete Crossrider Malware and Restore Your Mac
As the firm explains, locating and deleting the Crossrider profile once it’s been installed can be tricky, but it’s still possible to erase it and restore your system and web browser to their original settings.
Open System Preferences from your Mac desktop and click the Profiles icon. NOTE: if there’s no Profiles icon, then you don’t have any profiles installed, which is normal, according to Malwarebytes.
“This profile installs with an identifier of com.myshopcoupon.www, which is not visible in System Preferences,” the firm explains. “However, the profile can definitely be identified by scrolling through the details and looking for references to chumsearch[dot]com.”
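The check described above, as an added example (not code from Malwarebytes or the original article): it searches an XML plist listing of installed configuration profiles for the identifier and domain name quoted above and reports the key path of each match. The sample plist, its key layout, and the `chumsearch.example` host are constructed assumptions.

```python
import plistlib

# Indicators from the page: the profile identifier, and the name of the
# defanged domain chumsearch[dot]com (matched by name only).
INDICATORS = ("com.myshopcoupon.www", "chumsearch")

# Constructed sample, not a real capture. The layout (ProfileIdentifier,
# ProfileItems, PayloadContent) is an assumed XML export of installed profiles.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict><key>_computerlevel</key><array>
<dict>
 <key>ProfileIdentifier</key><string>com.example.wifi</string>
 <key>ProfileItems</key><array><dict>
  <key>PayloadType</key><string>com.apple.wifi.managed</string>
 </dict></array>
</dict>
<dict>
 <key>ProfileIdentifier</key><string>com.myshopcoupon.www</string>
 <key>ProfileItems</key><array><dict>
  <key>PayloadType</key><string>com.apple.Safari</string>
  <key>PayloadContent</key><dict>
   <key>HomePage</key><string>http://chumsearch.example/</string>
  </dict>
 </dict></array>
</dict>
</array></dict></plist>"""

def walk(node, path=""):
    """Yield (key path, value) for every dict and string nested in a plist."""
    if isinstance(node, dict):
        yield path, node
        for key, value in node.items():
            yield from walk(value, f"{path}/{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from walk(value, f"{path}[{index}]")
    elif isinstance(node, str):
        yield path, node

def suspicious_profiles(plist_bytes):
    """Map each matching profile's identifier to its (key path, string) hits."""
    findings = {}
    for _, node in walk(plistlib.loads(plist_bytes)):
        if isinstance(node, dict) and "ProfileIdentifier" in node:
            hits = [(p, s) for p, s in walk(node) if isinstance(s, str)
                    and any(i in s.lower() for i in INDICATORS)]
            if hits:
                findings[node["ProfileIdentifier"]] = hits
    return findings
```

The key path in each hit shows which payload setting carries the indicator, here the Safari `HomePage` value that corresponds to the locked homepage described earlier.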
Helpful Links Regarding Flashback Trojan and Virus Protection
An excellent link to read is Tom Reed's Mac Malware Guide.
A link to a great User Tip about the trojan: Flashback Trojan User Tip.
To check for the trojan: Anti Flashback Trojan 2.0.4.
A Google search can reveal a variety of alternatives on how to remove the trojan should your computer get infected. This can get you started. Or the preferred method is to use Apple's protection tool: Flashback Malware Removal Tool 1.0.
Or, open Software Update. If you do not have the Apple protection software installed it will download and install it via Software Update. If no update appears that means you either already have it installed or it isn't needed for your system. The software is only available for Leopard, Snow Leopard, and Lion versions of OS X.
Also see Apple's article About Flashback malware.
For general anti-virus protection I only recommend using ClamXav.
As for the DNS Changer malware see the following:
Jul 6, 2012 10:16 PM