hoakley General, Macs, Technology

Never download a Flash installer from anywhere except its official site

Malware authors are skilled at working out what confuses us most. With a long succession of frequent security updates for Adobe Flash Player, we have got quite used to seeing dialogs informing us that our version of Flash Player is out of date, and offering an update. Just click on the button to download and install it, it promises.

This is made worse by the fact that Adobe’s genuine Flash Player behaves very similarly – and that is a huge black mark against Adobe, for using an update mechanism that is so easily mimicked by malware.

Click the wrong button on a fake installer, and you never know what you’ll get. It could be something irritating, or more seriously nasty. Jay Vrijenhoek at Intego has just described in detail a new exploit which starts with this same fake Adobe Flash Player installer or updater, which then downloads an installer package whose name starts with FlashPlayer_01. These packages are signed by a valid signature assigned to “adam Chemil” with the developer ID FAFK4ARNVL, so look at first sight to be genuine.

If you are foolish enough to open one up, it stops pretending to be an Adobe Flash installer, but declares itself as the “SilverInstaller Installer”, offering you various goodies and licence agreements, privacy policies, and all manner of hokum. You can then stand by to receive any of a range of unwanted and irritating apps – or possibly something a bit more sinister.

There are two wise strategies:

  1. If you don’t want or need Adobe Flash Player, remove it, and don’t ever install it or any claimed update for it.
  2. If you really do still need to have Adobe Flash Player installed, only ever update it from its official support site. Do not allow it to update automatically, or even offer you updates, but keep it up to date at all times. When new versions are released, I announce them on this site, and other Mac support sites do likewise: you should then obtain the official update only from Adobe’s official site.

The best strategy of all, though, would be for Adobe to finally kill this utterly disastrous product, so removing the easiest way to distribute malware. Once Flash is gone, the likes of “adam Chemil” will have to come up with another way of trying to trick users into installing his unwanted crapware.