As you all might know, Adobe Flash Player is by far the most widely installed Flash runtime, and because of that popularity it remains the application of choice for cybercriminals running fake-update campaigns. A new scheme discovered by Zscaler researchers begins with a shady website that displays a phony video window urging the visitor to install Adobe Flash Player in order to view a clip.
The "update" is actually a fake browser extension. Depending on the browser the victim is running, he or she is served a .xpi file (Firefox), a .crx file (Google Chrome), or an .exe (Internet Explorer).
Once installed, these extensions give the attacker code execution inside the victim's browser, on every page the victim visits.
However, this is not the main concern. The problem is that most antivirus solutions fail to detect malicious extensions, because a .xpi or .crx is essentially a zip archive of JavaScript, JSON and HTML, plain text rather than a compiled binary. While the .exe is readily identified as a threat, the .xpi and .crx were not flagged as dangerous by any of the AV engines on VirusTotal.
Another point worth mentioning is that the fake add-ons themselves contain no malicious code. Instead, each time the browser is launched they fetch the code that does the actual damage from a remote server and execute it, so the package that gets scanned looks benign while the behaviour is decided by whatever the server returns.
“The current files being pulled are not very dangerous, but that could change in the future. An invisible IFRAME is inserted in each new page loaded. The IFRAME contains advertising from resultsz.com, and contains a username in the URL,” Zscaler’s Julien Sobrier explained.
He believes the adware's author profits by driving traffic, and advertising impressions, to a specific website; the username embedded in the IFRAME URL is presumably what ties that traffic to the author's account.
“The author could change the remote file at any moment to do much more harm, like stealing cookies to obtain access to the user accounts on any site, stealing username/credentials being entered or previously saved, etc,” he concluded.
So, the best thing you can do to protect yourself against such threats is to refuse "updates" pushed at you by untrusted websites. Get Flash Player only from Adobe, install browser extensions only from the browser's official add-on gallery, and treat any video page that demands a plugin install before it will play as a red flag.
By Eduard Kovacs