How to stop the new adobe flash player pop-up

[ascmember]

Recently when browsing media websites, Adobe Flash Player install pop-up  and how to stop it if a user inadvertently installed the fake Flash Player.

Ref: Steganography payload

 

 

[alvarnell]

That's an easy one. Tell the user to NEVER EVER click anything in said pop-ups to install Flash Player. If they don't already have it then they need to go to https://get.adobe.com/flashplayer/ and download it from there. If they already have it installed, then open System Preferences->Flash Player->Updates tab and click the "Check Now" button to see if there is actually an update available. Those are the only two ways to prevent installing a fake.

To stop getting those pop-ups, install a good adware prevention browser extension.

[David H. Lipman]

Steganography is not a payload.  Steganography is a methodology for the embedding of an object like a malicious executable binary within a graphic file.  This would be a vehicle and not the result.  One would need to have a utility to extract the embedded object from the graphic to begin with.  That utility itself would be detected as a PUP or malware thus rendering the use of steganography as an inefficient malware delivery mechanism.  Fake Flash, Fake Java and other Fake Software Update sites use Social Engineering as their ploy for the victim to directly download the intended software which can be really bad malware but mostly tend to be Potentially Unwanted Programs ( PUPs ) and Adware.  Steganographic embedded graphic or media files may be used on a compromised web site to host malware to "hide in plain site" as an innocuous graphic or media file.

Steganography is well used in spycraft.  There one can embed proprietary and classified materials within seemingly innocuous graphic files and allow them to exfiltrate said material with little or no suspicion.  Subsequently, using the extraction utility, the exfiltrated material could be examined outside of the targeted enclave.

 

Edited January 31, 2019 by David H. Lipman
Edited for content, clarity, spelling and grammar

[ascmember]

Thank you for making it clear to me. Appreciate it.

There are a many questions being posted here on the ASC forum about FlashPlayer pop-up.

I read couple of articles from Mac centric media.

I am trying to answer, if I can.

OPs report that Malwarebytes for Mac Premium doesn't report any problem.

Thank you.

 

[treed]

53 minutes ago, ascmember said:

OPs report that Malwarebytes for Mac Premium doesn't report any problem.

Yup, that's because the cause of the pop-up is not actually malware, it's an effect of visiting a bad or compromised site. Much of the time these days, it's a result of malvertising (ie, the insertion of malicious ads in a legitimate site's ad feed). Malwarebytes for Mac would not detect anything, because there's no actual malware on the system.

There would be malware on the system, though, if the user were to download the referenced file and run the fake Adobe Flash Player installer. But not until that point.

A lot of people do not understand this, and I admit it's hard to say which browser pop-ups are due to malware and which ones are due to a bad website. Thus, asking the user if it's only happening with one or two specific sites, or if it also happens on other legitimate sites, is a good way to make that identification.

[ascmember]

Thank you Mr.Reed. What a favor?

Some  users are very protective of their Mac, rightly so.

Whenever adware is the question, Malwarebytes/EtreCheck is the  goto option.

Sometimes question drags on without any resolution.

Even though I could answer below linked one, more questions are popping  up.

Here is the thread. https://discussions.apple.com/thread/250116264?answerId=250228121022#250228121022

 

Best.

[David H. Lipman]

OK.  This is a subject matter called malvertising.  Basically you have advertisers and marketing groups who lean to the dark side and subcontract advertisements to those who are on the dark side.  They allow bad actors to use the service to advertise malicious sites which become malicious advertisements or in shortened terms, a malvertisement.

A Malvertisement can be a site for Fake Updates or Fake Alerts.  The Apple.Com example is a Fake Flash malvertisement.

Here are some Fake Alert malvertisement examples.

FakeAlert-Screens.pdf  /  Flash Version

Since they are not dependent upon malware on a PC ( MAC, Windows, 'NIX, etc ) and they are solely based upon a web site, Malwarebytes' products can block access to said sites if they are in their blocked list.  Submissions of such sites can be provided in; Newest IP or URL Threats  after reading; READ ME: Purpose of this forum

 

Edited January 31, 2019 by David H. Lipman
Edited for content, clarity, spelling and grammar

[ascmember]

Thank you. Great explanation.

Today there was another question.

With experience  from the previous case, I asked for an EtreCheck report and to launch Safari in safe mode by holding the shift key down when launching Safari

OP replied it as helpful.

Now I can drop the unnecessary word malware from my reply. Ref: https://discussions.apple.com/thread/250125993?answerId=250229123022#250229123022

Thanks again.

[alvarnell]

Let me just repeat that if the desire is to stop getting these malvertised pop-ups, you need to install adblocking extensions in all browsers. Otherwise just ignore them.