Sunday, October 17, 2021

Flash version distributed in China after EOL is installing adware


Although the Flash Player app officially reached its end of life on December 31, 2020, Adobe has allowed a local Chinese company to continue distributing Flash within China, where the app remains a major part of the local IT ecosystem and is widely used in both the public and private sectors.

Security analysts say the Chinese Flash app behaves like adware and opens browser windows to show ads.

Currently, this Chinese version of the old Flash Player app is only available on flash.cn, a website owned by a company called Zhong Cheng Network, which is the only Adobe-authorized business to distribute Flash within China.

But in a report published earlier this month, security company Minerva Labs said its security products had taken several safety precautions linked to this Chinese version of Flash Player.

During the subsequent analysis, the researchers found that the app installed a valid version of Flash but also downloaded and ran additional payloads.

Specifically, the app downloaded and ran nt.dll, a file that was loaded inside the FlashHelperService.exe process and that opens a new browser window at regular intervals, showing various advertising and pop-up sites.

The spammy behavior has not gone unnoticed. Both general users and other security firms have also seen it.

User complaints that Flash has now started showing popups can be seen on the Adobe support forum, many local blogs, and many other sites.

Image: Minerva Labs

In addition to Minerva Labs, other security firms have also begun picking up suspicious activity related to FlashHelperService.exe. Cisco Talos listed the process as its most common threat in the weeks ending January 14 and January 21, and the file was re-listed in its Top 10 in the weeks ending January 7, February 11, and February 18.

This threat does not affect western users, as the Flash version available from flash.cn will not work on systems outside of China. Given Minerva's report, they should not even try to test it, as this could lead to adware installation and compromise the security of their systems and networks.
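As an added example (not code from Minerva Labs or from this article), the Python below flags the two behaviours reported above: FlashHelperService.exe loading a DLL named nt.dll, and browser windows being opened from that process. It assumes Sysmon-style event records (EventID 7 for image load, EventID 1 for process creation), that the browser starts as a child of the helper process, and an illustrative browser list; the sample events and their paths are constructed.

```python
import ntpath

# Assumption: events are dicts with Sysmon field names
# (EventID 1 = process create, EventID 7 = image load).
HELPER = "flashhelperservice.exe"   # process named in the article
PAYLOAD_DLL = "nt.dll"              # DLL named in the article
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "iexplore.exe"}  # assumed list


def _base(path):
    """Lower-cased file name of a Windows path ('' if the field is missing)."""
    return ntpath.basename(path or "").lower()


def classify(event):
    """Return a finding label for one event, or None if nothing matches."""
    eid = event.get("EventID")
    if eid == 7 and _base(event.get("Image")) == HELPER:
        # Exact basename match so the genuine system library ntdll.dll never fires.
        if _base(event.get("ImageLoaded")) == PAYLOAD_DLL:
            return "helper-loaded-nt.dll"
    if eid == 1 and _base(event.get("ParentImage")) == HELPER:
        if _base(event.get("Image")) in BROWSERS:
            return "helper-spawned-browser"
    return None


def scan(events):
    """Count findings per host so recurring pop-ups show up as a tally."""
    hits = {}
    for ev in events:
        finding = classify(ev)
        if finding:
            per_host = hits.setdefault(ev.get("Computer", "?"), {})
            per_host[finding] = per_host.get(finding, 0) + 1
    return hits


# Constructed sample events; paths are placeholders, not taken from the report.
H = r"C:\example\FlashHelperService.exe"
SAMPLE = [
    {"EventID": 7, "Computer": "PC-01", "Image": H, "ImageLoaded": r"C:\Windows\System32\ntdll.dll"},
    {"EventID": 7, "Computer": "PC-02", "Image": H, "ImageLoaded": r"C:\example\nt.dll"},
    {"EventID": 1, "Computer": "PC-02", "ParentImage": H, "Image": r"C:\example\chrome.exe"},
    {"EventID": 1, "Computer": "PC-02", "ParentImage": H, "Image": r"C:\example\msedge.exe"},
    {"EventID": 1, "Computer": "PC-03", "ParentImage": r"C:\Windows\explorer.exe", "Image": r"C:\example\chrome.exe"},
]

if __name__ == "__main__":
    print(scan(SAMPLE))
```

If the DLL reuses an already-running browser instead of spawning one, only the image-load rule will fire, so treat the two findings as independent signals.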

Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc', Priyanshu Vijayvargiya is a cybersecurity analyst, information security professional, developer, and white hat hacker.
