Although the Flash Player app has officially reached its final date on December 31, 2020, Adobe has allowed a local Chinese company to continue distributing Flash within China, where the app remains a major part of the local IT system and is widely used in both public and private sectors.
Security analysts say the Chinese Flash app behaves like a lide adware and opens browser windows to show ads.
Currently, this Chinese version of the old Flash Player app is only available on flash. cn, a website owned by a company called Zhong Cheng Network, which is the only Adobe-authorized business to distribute Flash within China.
But in a report published earlier this month, security company Minerva Labs said its security products had taken several safety precautions linked to this version of China Flash Player.
During the subsequent analysis, the researchers found that the app included a valid version of Flash but also downloaded and used additional uploads.
Specifically, the app downloaded and used nt.dll, a file that was uploaded within the FlashHelperService.exe process and which continues to open a new browser window regularly, showing various advertising and pop-up sites.
Spammy behavior is not recognized. Both general users and other security firms have also seen it.
Users complain that Flash has now started showing popups seen on the Adobe support forum, many local blogs, and many other sites.
In addition to Minerva Labs, other security firms have also begun picking up suspicious activities related to FlashHelperService.exe. Cisco Talos listed the procedure as the most common risk in the weeks ending January 14 and January 21, and the file was re-listed in its Top 10 in the weeks ending January 7, February 11, and February 18.
This threat does not affect western users as the Flash version they download from flash. cn will not work on systems outside of China, but thanks to Minerva’s report, they should not even try to test it, as this could lead to adware installation and compromise the security of their systems/networks.