Intego Warns of Fake Flash Update that Installs Scareware

Security software company Intego is warning of malware disguised as a Flash installer that actually installs scareware and other malware on your Mac. The malware doesn't exploit any security holes in OS X; instead, it does a semi-credible job of looking like an Adobe Flash update to socially engineer users into permitting the installation.

To make matters worse, the malware is digitally signed with a valid Apple developer certificate. Intego says that certificate was issued to a "Maksim Noskov." According to Johannes Ullrich, Ph.D., of the SANS Institute's Internet Storm Center, the security researcher who first spotted the malware, Apple has since revoked that certificate.

Mr. Ullrich posted a video in which he installs the malware on a fresh system so we can see what it does.

In addition to installing scareware onto your Mac, some variants of this fake Flash updater download a real Flash installer, too.

TMO's advice is to uninstall Flash. It's near-death, and not even Adobe believes in its future. If you have to have Flash on your Mac, always update it from Adobe's site. That minimizes your chances of being tricked by a fake installer.

Intego has more information about this specific malware.

Comments

geoduck

Just dump Flash. Nothing good can come from it any more.

Lee Dronick

The problem is websites that still use Flash.
