Friday, July 23, 2021

Flash version was distributed in China after EOL installing adware


Although the Flash Player app officially reached its end of life on December 31, 2020, Adobe has allowed a local Chinese company to continue distributing Flash within China, where the app remains a major part of the local IT ecosystem and is widely used in both the public and private sectors.

Security analysts say the Chinese Flash app behaves like adware and opens browser windows to show ads.

Currently, this Chinese version of the old Flash Player app is only available on flash.cn, a website owned by a company called Zhong Cheng Network, which is the only Adobe-authorized business to distribute Flash within China.

But in a report published earlier this month, security company Minerva Labs said its security products had raised several security alerts linked to this Chinese version of Flash Player.

During the subsequent analysis, the researchers found that the app installed a valid version of Flash but also downloaded and ran additional payloads.

Specifically, the app downloaded and ran nt.dll, a file that is loaded inside the FlashHelperService.exe process and that regularly opens a new browser window, showing various advertising and pop-up sites.
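The behaviour described above can be hunted for in endpoint telemetry. The following is an added example, not code from Minerva Labs or from this article: it scans constructed events that use Sysmon's process-create (EventID 1) and image-load (EventID 7) field names, and it assumes the ad windows appear as browser processes whose parent is FlashHelperService.exe. All paths, timestamps and the browser list are made up for the illustration.

```python
# Constructed sample events; field names follow Sysmon EventID 1 (process
# create) and EventID 7 (image load). Paths and times are invented.
SAMPLE_EVENTS = [
    {"EventID": 7, "UtcTime": "2021-02-20 08:00:01",
     "Image": r"C:\Example\Flash\FlashHelperService.exe",
     "ImageLoaded": r"C:\Windows\System32\ntdll.dll"},   # benign system DLL
    {"EventID": 7, "UtcTime": "2021-02-20 08:00:05",
     "Image": r"C:\Example\Flash\FlashHelperService.exe",
     "ImageLoaded": r"C:\Example\Flash\nt.dll"},         # downloaded payload
    {"EventID": 1, "UtcTime": "2021-02-20 08:30:00",
     "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Example\Browser\chrome.exe"},         # user-launched browser
    {"EventID": 1, "UtcTime": "2021-02-20 09:00:00",
     "ParentImage": r"C:\Example\Flash\FlashHelperService.exe",
     "Image": r"C:\Example\Browser\chrome.exe"},         # ad window
]

HELPER = "flashhelperservice.exe"
PAYLOAD = "nt.dll"
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "iexplore.exe"}  # assumption


def leaf(path):
    """Lower-cased file name of a Windows path (names are case-insensitive)."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def detect(events):
    """Return (rule, time) for each event matching the reported behaviour."""
    findings = []
    for ev in events:
        if ev.get("EventID") == 7:
            # Exact name match: "nt.dll" must not be confused with "ntdll.dll".
            if (leaf(ev.get("Image", "")) == HELPER
                    and leaf(ev.get("ImageLoaded", "")) == PAYLOAD):
                findings.append(("helper_loaded_nt_dll", ev["UtcTime"]))
        elif ev.get("EventID") == 1:
            # A helper service starting a browser is the ad pop-up pattern.
            if (leaf(ev.get("ParentImage", "")) == HELPER
                    and leaf(ev.get("Image", "")) in BROWSERS):
                findings.append(("helper_spawned_browser", ev["UtcTime"]))
    return findings


if __name__ == "__main__":
    for rule, when in detect(SAMPLE_EVENTS):
        print(when, rule)
```
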

The spammy behavior has not gone unnoticed. Both regular users and other security firms have also seen it.

User complaints that Flash has started showing popups can be seen on the Adobe support forum, many local blogs, and many other sites.

Image: Minerva Labs

In addition to Minerva Labs, other security firms have also begun picking up suspicious activity related to FlashHelperService.exe. Cisco Talos listed the file as its most common threat in the weeks ending January 14 and January 21, and the file was listed again in its Top 10 in the weeks ending January 7, February 11, and February 18.

This threat does not affect western users, as the Flash version they download from flash.cn will not work on systems outside of China. Given Minerva's report, however, they should not even try to test it, as this could lead to adware installation and compromise the security of their systems and networks.

Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.
