back to article Fake Flash update malware targets gullible Apple users

Security watchers have spotted a shareware scam targeting Apple users that features malicious code signed with a legitimate Apple developer certificate. The dodgy software poses as an Adobe Flash update, typically presented to potential marks as a pop-up reminder. Those who fall for the ruse will end up unwittingly …

  1. Anonymous Coward
    Anonymous Coward

    Warning

    Adobe require you to log in with a password to install it, then proceeds to install a daemon to call back to the mother ship for updates.

    If you do not need it, do not install it.

    1. Stuart Castle

      Re: Warning

      This may seem like nitpicking, but Adobe don't require you to log in with a password to install flash on ANY platform. OSX does, which is something it inherited from BSD (the version of Unix upon which it is based).

      That said, it's good advice not to install anything if you don't need it, which is why when I re-install my Mac or PC, I tend to install software as and when I need it, rather than just install a whole list when I re-install the OS.

      1. This post has been deleted by its author

      2. Anonymous Coward
        Anonymous Coward

        Re: Warning

        Well you are correct on Windows, however the article was about Flash on Apple OSX.

        Please tell me I am wrong and you can install it without have to provide a username and login, on Apple OSX?

        1. I sound like Peter Griffin!!

          Re: Warning

          Can you read his reply to you, and reply to me if you still REALLY don't get what he just said....?

      3. Anonymous Coward
        Anonymous Coward

        Re: Warning

        Really?

        I heard Adobe DOESN'T require a person to log in with a password to install flash on ANY platform.

    2. Anonymous Coward
      Anonymous Coward

      Re: Warning

      "gullible Apple users"

      That must leave very few excluded!

      1. UNOwen

        Re: Warning

        Boy, are you ever correct.

        It seems humanity (esp. Americans) are DE-volving.

        I've used macs for a long time, and I DO know what I'm doing, but, every once inn a while, I'll have a question, and whenever I get results back - which come from the Apple boards, 'm utterly gobsmacked at the high-level of utter stupidity.

        People who don't know what they're doing, much less talking about - are endlessly giving 'advice,' which well, here's an analogy (I'm making this up); I have 'no-fault' insurance, so, I'm protected, and my car's horn sounds a little-bit off, so, even though I know nothing about auto mechanics, I decide to take apart my entire car - piece-by-piece, and whilst doing this, I come across a 'thingy', which - I just think it's not supposed to be there, so, I looked on Google, to see if anyone else ever saw this 'thingy', and you-know-what? There was some guy, who said if it looks sort of like a fork, but, instead of tines, it's got tweezers, and I knew he knew much more than....'

        They're out of their minds.

        These are the type of people who think an antI-virus software will 'cure' everything', so no matter what stupid thing they do - what thing pops up on their screen, and says 'click on me', they do, so,thinking; 'nothing bad can happen - I've got antI-virus protection.'

        I really have no patience for morons. As I said, I've had Macs a long time, and I do know what I'm doing, and I do take risks, but, in all my years, not ONCE have I EVER had ANY malware, or anything else installed (downloaded yes. NOT installed).

  2. Paul F

    Mostly what we've seen in the wild is AdWare, which MalwareBytes for Mac takes care of very nicely. Plus people falling for the "your computer is infected!" variety of popup and calling the number.

    Lots of naive people out there.

    1. John 104

      Yeah, they are called Mac users. How many of them really understand what they are doing? In my experience supporting them, I have not seen many. Most of them are typical clueless users who would just as easily click on an OK button to install malware on a Wintel box.

      Frankly, I'm surprised that more of this hasn't been seen. Knowing the average Apple users, this seems like easy pickings...

      1. Lamont Cranston
        Stop

        Don't pretend that this is unique to users of one particular operating system.

        You know it isn't.

      2. BurnT'offering

        Re: typical clueless users

        I bet they love you too

      3. Jess

        Re: Mac users

        The issue is that because OS X is almost immune to viruses, people often wrongly assume that it is immune to all malware.

        1. BurnT'offering

          Re: Mac users

          As a committed Apple fanboi, I would say that any claims of immunity are questionable at best.

        2. Ben Rose
          Megaphone

          "almost immune"

          Either you're immune or you aren't. There is no such thing as "almost".

  3. This post has been deleted by its author

  4. Calum Morrison

    But...

    Is it actually worse than the real thing? I reckon I'd take my chances...

  5. Anonymous Coward
    Anonymous Coward

    A genuine version of Adobe Flash is downloaded in the background onto Macs alongside the malware

    How do you tell the two apart?

    1. Fitz_

      Re: A genuine version of Adobe Flash is downloaded in the background onto Macs alongside the malware

      The malware doesn't try to install McAfee or hijack your search settings.

  6. Efros

    Scareware

    boots your computer in the middle of the night and plays the shark theme from Jaws at full volume, it'd scare the bejesus out of me!

    1. TeeCee Gold badge
      Devil

      Re: Scareware

      If it played the rising two-tone electronic noise announcing the imminent arrival of the invisible monster from "Forbidden Planet", I'd quite probably wee myself.

      1. MrDamage

        Re: Scareware

        Or worse, a burly male voice calling out "Hi honey, I'm home!" whilst mid-boink.

  7. DougS Silver badge
    Trollface

    How do you tell the difference

    Between a legitimate flash update from Adobe and a fake flash update loaded with malware? They both leave your computer wide open to attack, so I don't think it matters which one you install.

  8. Utrecht

    I dumped Flash about a year ago...

    Lived happily ever after.

  9. Steve Davies 3 Silver badge

    What is this "Flash" thing?

    Do I use it to clean floors?

    Only joking.

    When I migrated to a new MacBook Pro (from a 2009 model) last year, I removed flash and it won't get installed on it. Ok, so I can't play videos on some sites such as the Beeb but hey, at least I don't have to go through the almost weekly security update patching cycle with that bit of crapware called Flash.

    It's time has past. Please Adobe bury it and let us move on.

    1. Anonymous Coward
      Anonymous Coward

      Re: What is this "Flash" thing?

      If you need to view the BBC sites videos, in Safari enable the develop option, then change the user agent to IOS.

      1. Anonymous Coward
        Anonymous Coward

        Re: What is this "Flash" thing?

        Which works well - but then some sites (I think the Guardian is one of them) insist that it must be a mobile device, therefore you will get their crappy interpretation of a 'mobile' page - even on a decent sized tablet. However losing flash in favour of HTML5 (seems to be mother and take up less bandwidth than flash on my desktop) is worth it.

  10. Old Tom

    Hey glib 'don't install Flash' people

    I have to have it installed for my son's online maths homework. He uses the mac because I reckon it's safer than him going online with Windows.

    I always treat Flash update notifications with huge suspicion and go and do the update myself. The fact that their notification has a 'click here' button is a great enabler for the bad guys - it should be a notification, not a link to anything.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019