Apr 05, 2012 15:17
I do not know how the Flash Player for PC is updated, or if it has undergone a change in the last year like the Apple version has.
The Flash Player used for all browsers on a Mac changed sometime in the past year (I think it might have been when version 11 was released, but I cannot be sure).
For more than a decade, Mac users had to visit the Adobe website and manually download the player by going to the downloads section. Apple users weren't even told when a new version of the Adobe player was up. The Adobe player updates were never incorporated into the Apple updater.
Due to the Flash Player being very susceptible to hackers for the Mac, Adobe has been updating the Mac version of the player much more rapidly than it did previously, almost as much as the PC version, which is MUCH more frequent than Mac users are used to. None of the Mac users were keeping up.
So Adobe rolled out a new change (again about a year ago) for the Adobe player updater for Mac. Adobe seeded websites that use Flash to send a request to Mac users through their browser for permission to receive updates from Adobe in a pop-up window (you can see where this bright idea is headed). Once you clicked yes to accept this window, from then on any time you hit a “seeded” Flash page and your Flash Player was out of date, you’d be prompted by an Adobe window to download and install the newest Flash Player. When you clicked yes to the download, the program would download to your computer and open itself, and then ask for a permission password to install. It even comes with a cute little “force quit” option for shutting down all open browsers before installing.
I have to admit that I have enjoyed this change since it has prevented me from having to check the Adobe website over and over again in order to stay current.
The internet is reporting, rather late, about a trojan malware version of this Adobe updating browser pop-up window I just described. Hackers simply copied the Adobe pop-up look, and instead of installing Flash you installed the trojan. I can see that happening for Mac users very easily, and I may have done it too, I am not sure. Apple released a patch for it a while ago, so when I checked there was nothing on my computer.
Overall, I would mostly blame Adobe, since they are the ones who started releasing Flash patches in this fashion. Until Adobe started using this pop-up, no one on a Mac would ever install anything that showed up as a pop-up window from a browser. If Adobe had just played nice with Apple (or vice versa) then I am sure their updater would be incorporated into the Apple updater just like Java and other apps are.
What is new in the article is that this trojan has supposedly spread to a Java Installer or faults within Java. This is new, and I know I have not been asked for a password for installing anything related to Java, since Java is handled by Apple's installer app.
From Dan's Link:
Installation
On execution, the malware checks if the following path exists in the system:
/Library/Little Snitch
/Developer/Applications/Xcode.app/Contents/MacOS/Xcode
/Applications/VirusBarrier X6.app
/Applications/iAntiVirus/iAntiVirus.app
/Applications/avast!.app
/Applications/ClamXav.app
/Applications/HTTPScoop.app
/Applications/Packet Peeper.app
If any of these are found, the malware will skip the rest of its routine and proceed to delete itself.
LoL, I have Little Snitch installed.