Our techs have seen a few machines (Mac laptops specifically) come through recently that have fallen victim to the same fake Adobe Flash update prompt.
These users were all performing seemingly normal tasks on Chrome, clicked on a link to go to a specific site, and the link popped up a series of Adobe Flash update prompts. While the users had intended to go to a specific site to gather information for a lesson or check sources for student projects, the resources they were seeking had been hijacked and now housed a nefarious hacking tool.
Thinking they did indeed need an Adobe Flash update, they clicked.
Some or all of the following symptoms then occurred:
- Pop-ups everywhere, for all sorts of products and virus warnings
- Offers to clean their infected machine
- Default search engine changed
- Home page and new tab page changed
- Web browser beeping and talking to them, warning them that their computer was infected
- Attempts to open new tabs blocked by their firewall, as those pages were leading to other infected and/or inappropriate content.
- Other browsers also infected
ITS was contacted and began clean-up on the machines. Normally, with a Mac laptop, we can run a couple of clean-up tools remotely to reset the browsers and get the user back to their normal browser experience within an hour. These machines were infected to a point that we had to physically reload the machines and reset their user profile; our standard clean-up tools and procedures were ineffective.
During an evening Pinterest browsing session for some Halloween costume components last night, I experienced the same fake Adobe Flash update. I took a screenshot, then closed the problematic active tab. (I also reported the bad link on Pinterest.) The link I clicked was supposed to take me to an easy-to-sew bow tie pattern, but alas, the craft blog site was either hacked and redirected, or allowed to expire and claimed by someone spammy.
Look at the features in the screenshot that set off warning bells for me:
- The address in the address bar is not the address I was seeking, and also not an Adobe address
- The pop-ups appear multiple times, and appeared again when I attempted to interact with the browser
- Most software/plug-in updates will be served by your system and not by the browser – these definitely came from my browser
- When I hovered over the buttons on the pop-ups, I could see the intended address at the bottom of my browser – again, not an Adobe site or my intended craft-blog site.
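For readers who filter links or review browsing logs, the address-bar and hover checks above can be written as code. This is an added example, not part of the original post: the function names and the sample hostnames are constructed, and it assumes adobe.com is the only legitimate vendor domain for a Flash prompt.

```javascript
// Added example. Hostnames used with it are constructed samples,
// not indicators taken from the post.
// Assumption: adobe.com is the only legitimate vendor domain.
const VENDOR_DOMAIN = "adobe.com";

// True only when host is the domain itself or a real subdomain of it.
// A substring test would wrongly accept "adobe.com.flash-update.example".
function isOnDomain(host, domain) {
  host = host.toLowerCase().replace(/\.$/, ""); // drop a trailing root dot
  return host === domain || host.endsWith("." + domain);
}

// Returns the warning signs for an update prompt.
//   intendedUrl - the link the user meant to visit
//   pageUrl     - what the address bar shows now
//   buttonUrl   - what the status bar shows when hovering the button
function updatePromptWarnings(intendedUrl, pageUrl, buttonUrl) {
  let intended, page, button;
  try {
    intended = new URL(intendedUrl);
    page = new URL(pageUrl);
    button = new URL(buttonUrl);
  } catch (e) {
    return ["unparseable URL"];
  }
  const warnings = [];
  if (page.hostname !== intended.hostname &&
      !isOnDomain(page.hostname, VENDOR_DOMAIN)) {
    warnings.push("address bar is neither the intended site nor an Adobe address");
  }
  if (!isOnDomain(button.hostname, VENDOR_DOMAIN)) {
    warnings.push("button does not lead to an Adobe address");
  }
  if (button.protocol !== "https:") {
    warnings.push("button link is not HTTPS");
  }
  if (button.username !== "") {
    // "https://adobe.com@downloads.example/" really goes to downloads.example
    warnings.push("button link hides its real host behind user@");
  }
  return warnings;
}
```

The comparison is on the parsed hostname, not the raw string, because a lookalike address can contain "adobe.com" without being served from it.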
While I had been hoping to see and capture the fake Adobe Flash update in the wild, it still surprised me! My first reaction was to reach for the download button. I gathered my wits in time, though, and looked at the address bar and the multiple pop-ups, and hovered over the buttons.
Adobe Flash is being phased out due to security issues. Most websites that previously relied on Adobe Flash content are now using HTML5 coding to provide a safer experience, and use an embedded plugin for their Flash content. If you receive an Adobe Flash update window, and think you may actually be due for an update, you can always visit the site directly to check: https://helpx.adobe.com/flash-player.html
Leslie is the Marketing Manager at ITS, and provides timely technology tips for our end-users. She is sending The White Rabbit (Alice In Wonderland), Ichabod Crane and a Deer Hunter trick-or-treating this year.