Jump to content

Suspicious Flash Player Icon on Mac desktop

Recommended Posts

Hello, I periodically am having an icon appear on my desktop that looks just like the Adobe Flash Player installer.  I always throw it in the trash and empty the trash because my Flash Player is set to update automatically so I believe this is a fake installer. 

I have run the free version of Malwarebytes while the flash player icon is on my desktop, and it says my computer is clean. 

I tried uploading the file from my desktop and it doesn't show up as an option to upload from your "choose files..." button.  So then I dragged and dropped the icon from the my desktop to the "Insert other media" box, and what appears looks like a series of images to me.  

When I select "get info" on the Flash Player icon on my desktop, it says:

Kind: Volume

Created: January 28, 2019 

Capacity: 24.2 MB

Available: 3.1 MB

Name & Extension has a greyed out "Flash Player"

"Ignore ownership on this volume" is greyed out and has a check mark.

My System Preferences for Flash Player are set to "Allow Adobe to Install Updates".  When I clicked on the check for Flash Player updates button it says I'm up to date.   I have NPAPI Plug-in version installed. 

My question is: Is this icon on my desktop a virus or malware?

I apologize in advance if I'm posting this to the wrong subforum.  I just want to help by providing a copy of this sketchy seeming file.

I have taken a screen shot of the icon and have uploaded it using the "choose files..." button. The JPG screenshot is called "Fake Flash Player Icon?.jpg" 

Thanks for your help.


















Fake Flash Player Icon?.jpg

Link to post
Share on other sites

I’ve requested that your post be moved as this forum is for submission of actual suspected malware samples rather than icons. Not sure where all those other icons came from or what you hoped to convey by posting them.

I think it's more likely that this is simply the result of the automatic update of your legitimate Flash Player. The process involved does normally download a .dmg file into a temporary area and mount it to accomplish the update installation, but normally doesn't show up on the desktop. Flash Player was updated to your version last Tuesday, so would have been updated at some point this week.

If you were able to locate the .dmg file itself (which is difficult for an average user) then it could have been submitted for analysis by the staff or a Malware Hunter, but without the actual file, it's not possible to judge it's authenticity. If Malwarebytes is saying your Mac is clean, then it's unlikely that what you are observing involves malware, but I must admit it's unusual.

Link to post
Share on other sites

Hi alvarnell,

Thanks for your reply. That's totally fine to move my post if its in the wrong location.  

I was trying to post a sample of the actual suspected malware, but I understand from your reply that I didn't succeed in doing that.

When I uploaded the Flash Player installer icon from my desktop to this site, I dragged that  one installer icon from my desktop to this site, and suddenly there were 16 png files attached to my post.  I don't understand why that happened but the 16 files must have been somehow nested within the installer icon.  

The Flash Player installer icon on my desktop that I dragged and dropped to this site looks like the screenshot of it that I also uploaded here (the last image attached to my original post). So I only uploaded 2 images but 17 images appeared.

The Flash Player icon that appeared out of no where on my desktop appeared today after I logged out and then logged back in.

I have ejected the Flash Player icon from my desktop.  I'll research how to find the installer dmg image for next time this happens.  

Thanks for your reply.  


Link to post
Share on other sites

The easiest way to get to the contents of the .dmg file are to simply double-click on the icon you see on the desktop. Be sure you verify that it's a "Volume" (as you did) to make sure it's not an executable disguised as a desktop icon, first. Then submit the Install "Adobe Flash Player" app that you will see in the window that opens. You cannot currently be infected by simply mounting the .dmg.

Although I did not have the icon on my desktop (I had not restarted since it was updated earlier this week) I was able to see it unmounted in Disk Utility, so I clicked the mount icon and it appeared identically to yours on my desktop. The Get Info... on the volume appears identical (except for the Available) to what you found, so I feel I can now confirm that it was legit:


Screen Shot 2019-02-17 at 19.25.47.png

Edited by alvarnell
Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.