![]() If a website prompts for an Adobe Flash Player update, close the prompt and visit Adobe’s website instead to download it there. Only download software from reliable sources. What steps can Mac users take to protect their computers? In it’s current form the installer is already more sophisticated than the known InstallCore / InstallMiez / InstallImitator installers we have encountered in the past. What should be watched though is the way the installer works, as this can evolve and be used to download much more malicious contents. In this case the downloaded application is harmless and public exposure is not expected to be very widespread. This installer was encountered on a bittorrent website which is not known for providing legal or high quality content. One of the things these installers do have in common is the Developer ID they are signed with, in this case belonging to “adam Chemill (FAFK4ARNVL).” The numbers that are appended to the FlashPlayer name differ every time the file is downloaded though, so no-one will have the same file name twice.Įach downloaded package, when analyzed, has a unique hash and their contents are similar with the same hierarchy and an embedded bundle package. If the “Update” or “Download” button is clicked, however, things become a bit more interesting. The file that is downloaded is named “FlashPlayer_01.30.pkg” and looks like a generic package file. These fake Flash Player pop-ups come in many shapes and sizes but can be recognized as fakes when compared to the real thing, and SilverInstaller is no different. The methods used into tricking the user to download and install the installer are familiar, a website pop-up showing there is a new version of Flash Player available is presented. How is the user presented with the fake Adobe Flash Player update? This behavior was expected of SilverInstaller as well, but during analysis Intego observed that it behaved differently than those fake Flash Player installers we have seen in the past. Some examples are Flashback, ClickAgent, InstallMiez and InstallCore. Today malware researchers at Intego have discovered a new fake Adobe Flash Player installer, which Intego has labeled “SilverInstaller.” These types of installers are nothing new these days and usually result in the same or similar adware to infect a system. Malware + Recommended + Security News SilverInstaller Uses New Techniques to Install PUA/PUP ![]()
0 Comments
Leave a Reply. |