New Browser Hijack in Safari?

[ploth]

Just found this site after searching - I too am getting occasional random page loads to the site http://usine.puopla.site

I am installing adblockers now - but concerned that I have picked up something untoward... 

 

[Massimiliano]

To check if you have malware installed you can install the free version of Malwarebytes and get a premium trial for a few days Link to download.
You can install if you want, for free from the Mac AppStore, Ka-block! to block unwanted ads.

If you only use Safari there is no other web protection at the moment
If instead you use Chrome or Firefox you can download from the respective stores the beta of the Malwarebytes extension (but remember that are always a beta)

[Doug_M]

3 hours ago, ploth said:

Just found this site after searching - I too am getting occasional random page loads to the site http://usine.puopla.site

I am installing adblockers now - but concerned that I have picked up something untoward... 

 

Since I installed AdGuard for Safari I haven't had it happen again. 

[JayB]

This "Flashplayer out of date" install message on Safari is happening on many sites which makes me think it is on my machine (how could so many sites have malicious adware, including Yahoo?). I have been searching all over for what to do about it. My premium copy of Malwarebytes isn't able to detect it. I checked my adobe flash player and it is up to date. 

[alvarnell]

The Adobe Flash Player update pop-ups and fake downloads has been the single most abuse installer for months, even years now, at least from a Mac perspective.

That kind of pop-up in the browser is not malware. It is a scam webpage trying to convince you that you have malware, in the hopes that you'll either install a scam product to "remove the malware," or that you'll call a scam number listed in the message and pay the scammers to "remove the malware." (When there's no actual malware.)

Do not follow any of the instructions in that message. Close that browser window/tab, and if it repeats, avoid the site you were visiting at the time. Until Malwarebytes adds website protection for Safari, your only choice is to install an ad blocker, as many of these pop-ups are caused by malvertising (malicious advertising).

Malwarebytes actually has browser extensions in beta - so it's currently free - that blocks ads, trackers, clickbait, scams, and known malware sites. It's available for Chrome and Firefox, but not yet for Safari.

 

[Doug_M]

7 hours ago, JayB said:

 (how could so many sites have malicious adware, including Yahoo?)

By way of third party advertising networks.  The malicious advertising that redirects you to the fake update pop-up is bought and paid for on one or more of these ad networks that legitimate websites use.

I too was searching all over the Internet.  Thing is I wasn't finding any answers because what was happening was not an infection.  The closest (and most frequent google result) was that WeKnow infection.  But I didn't have Flash installed and none of the files removal instructions said to look for were there.  And of course MWB and Bit Defender didn't find anything either. Then I tried an ad blocker and voila, no more malicious redirects from malvertising.

[PaulBostock]

Get rid of these Flashplayer messages for ever: Ditch Flashplayer....uninstall it from your machine.  Problem solved.

I did this some months back & have never missed it.

[Doug_M]

2 minutes ago, PaulBostock said:

Get rid of these Flashplayer messages for ever: Ditch Flashplayer....uninstall it from your machine.  Problem solved.

While I don't disagree about uninstalling Flash (or not installing it in the first place). In this case it won't solve the problem at all because the problem isn't actually about Flash or caused by Flash. Websites trying to look like the Flash installer are being presented to the user through malicious web-based ads on various websites.  So if JayB uninstalls Flash he'll still see these websites with fake installers unless he implements an ad block of some sort.

[PaulBostock]

2 minutes ago, Doug_M said:

While I don't disagree about uninstalling Flash (or not installing it in the first place). In this case it won't solve the problem at all because the problem isn't actually about Flash or caused by Flash. Websites trying to look like the Flash installer are being presented to the user through malicious web-based ads on various websites.  So if JayB uninstalls Flash he'll still see these websites with fake installers unless he implements an ad block of some sort.

True, but if you uninstall Flash then any message to update must be bogus.  Since I uninstalled flash I have zero messages to update flash.

If you need to keep Flash then make sure that any updates are done through System Preferences on your Mac.

I use Adguard to stop everything else.  (The App, not the browser extension)

I have had Adguard on my Mac since 2017 with very few issues.

[Doug_M]

AdGuard is what I've been running for the past week now and so far so good.  I like that is has a feature to use a blacklist or whitelist.  All the others I could find were whitelist only.

[JayB]

I have now installed AdGuard for Safari, thanks for the tip guys. It's pretty obvious that the Flash Player Installer is linking to another site other than Adobe so I didn't fall for it. 

The worst one that I saw was a pop-up that appeared to be from my ISP which is a telco. They copied all the logos, knew how many years I was a subscriber and promised a free cell phone for answering a survey. At the end they ask for a credit card to cover the cost of shipping. That's when I knew it was a scam. Then I looked into the source code of the page and found the domain was registered in Panama. The name of the ISP is possible to get from the DOM in the browser, but having subscriber information must mean that there was a hack at the company.