{"id":17009,"date":"2013-08-20T10:33:46","date_gmt":"2013-08-20T17:33:46","guid":{"rendered":"http:\/\/www.intego.com\/mac-security-blog\/?p=17009"},"modified":"2016-10-07T12:20:05","modified_gmt":"2016-10-07T19:20:05","slug":"cross-platform-adware-poses-as-flash-player-update","status":"publish","type":"post","link":"https:\/\/www.intego.com\/mac-security-blog\/cross-platform-adware-poses-as-flash-player-update\/","title":{"rendered":"Cross-Platform Adware Poses as Flash Player Update"},"content":{"rendered":"<p>Once again, fraudulent developers are attempting to fool people into installing their adware by signing their file\u2014which pretends to be an Adobe Flash Player update\u2014with a Developer ID. This tactic is not new, but why try something new when the tried and true tactics are apparently still working?<\/p>\n<p><a href=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2013\/08\/FlashPlayer11.png\"><img loading=\"lazy\" class=\"aligncenter size-full wp-image-17015\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2013\/08\/FlashPlayer11.png\" alt=\"FlashPlayer11\" width=\"170\" height=\"150\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2013\/08\/FlashPlayer11.png 170w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2013\/08\/FlashPlayer11-150x132.png 150w\" sizes=\"(max-width: 170px) 100vw, 170px\" \/><\/a><\/p>\n<p>This new adware has versions for both Windows and Mac OS X, and works as an extension for Chrome, Firefox and Safari to different extents based on the operating system. For Macs, because the installer is a Windows executable auto-extractor, there&#8217;s no direct installation.<\/p>\n<p>This scam-extension appears to be found on a number of different types of websites, such as adult-themed and file-sharing sites. Once downloaded onto a user&#8217;s machine, it must then be installed in order to execute. Once it&#8217;s running, it places ads (sometimes pornographic in nature) into legitimate websites, which can make it appear that even children&#8217;s sites are serving these lascivious ads. The ads are not served by the usual mechanisms, so they are not blocked by ad-blockers.<\/p>\n<p>The adware installer is signed by an Apple Developer ID belonging to &#8220;martingrey@mailinator.com,&#8221; which expires in a month (on September 22), at which point it will no longer be recognized as valid.<\/p>\n<p><a href=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2013\/08\/Developer.png\"><img loading=\"lazy\" class=\"aligncenter size-full wp-image-17013\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2013\/08\/Developer.png\" alt=\"Developer\" width=\"600\" height=\"135\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2013\/08\/Developer.png 600w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2013\/08\/Developer-150x33.png 150w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2013\/08\/Developer-300x67.png 300w\" sizes=\"(max-width: 600px) 100vw, 600px\" \/><\/a><\/p>\n<p>Hat tip to\u00a0<a href=\"http:\/\/blog.malwarebytes.org\/intelligence\/2013\/08\/fake-flash-player-update-causes-mayhem-in-your-browser\/\" target=\"_blank\">Jerome Segura<\/a>\u00a0of Malwarebytes for information on this threat.<\/p>\n<p><a href=\"https:\/\/www.intego.com\/virusbarrier\" target=\"_blank\">Intego VirusBarrier<\/a> users with up-to-date virus definitions will be protected against this threat, which is detected as OSX\/ClickAgent.FLA. This is a great reminder that it&#8217;s always best to <a href=\"https:\/\/www.intego.com\/mac-security-blog\/how-to-tell-if-adobe-flash-player-update-is-valid\/\" target=\"_blank\">go directly to the source<\/a> for software updates, rather than following pop-ups that purport to be updates.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Once again, fraudulent developers are attempting to fool people into installing their adware by signing their file\u2014which pretends to be an Adobe Flash Player update\u2014with a Developer ID. This tactic is not new, but why try something new when the tried and true tactics are apparently still working? This new adware has versions for both [&hellip;]<\/p>\n","protected":false},"author":6,"featured_media":8755,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false},"categories":[190,5],"tags":[323,595,86,593],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v17.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<meta name=\"description\" content=\"Once again, fraudulent developers are attempting to fool people into installing their adware by signing their file\u2014which pretends to be an Adobe Flash\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.intego.com\/mac-security-blog\/cross-platform-adware-poses-as-flash-player-update\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Cross-Platform Adware Poses as Flash Player Update - The Mac Security Blog\" \/>\n<meta property=\"og:description\" content=\"Once again, fraudulent developers are attempting to fool people into installing their adware by signing their file\u2014which pretends to be an Adobe Flash\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.intego.com\/mac-security-blog\/cross-platform-adware-poses-as-flash-player-update\/\" \/>\n<meta property=\"og:site_name\" content=\"The Mac Security Blog\" \/>\n<meta property=\"article:published_time\" content=\"2013-08-20T17:33:46+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2016-10-07T19:20:05+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/12\/MalwareAlert.png\" \/>\n\t<meta property=\"og:image:width\" content=\"400\" \/>\n\t<meta property=\"og:image:height\" content=\"260\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Lysa Myers\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\",\"name\":\"Intego\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/\",\"sameAs\":[],\"logo\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#logo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png\",\"contentUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png\",\"width\":875,\"height\":875,\"caption\":\"Intego\"},\"image\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#logo\"}},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#website\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/\",\"name\":\"The Mac Security Blog\",\"description\":\"Keep Macs safe from the dangers of the Internet\",\"publisher\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.intego.com\/mac-security-blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/cross-platform-adware-poses-as-flash-player-update\/#primaryimage\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/12\/MalwareAlert.png\",\"contentUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/12\/MalwareAlert.png\",\"width\":\"400\",\"height\":\"260\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/cross-platform-adware-poses-as-flash-player-update\/#webpage\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/cross-platform-adware-poses-as-flash-player-update\/\",\"name\":\"Cross-Platform Adware Poses as Flash Player Update - The Mac Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/cross-platform-adware-poses-as-flash-player-update\/#primaryimage\"},\"datePublished\":\"2013-08-20T17:33:46+00:00\",\"dateModified\":\"2016-10-07T19:20:05+00:00\",\"description\":\"Once again, fraudulent developers are attempting to fool people into installing their adware by signing their file\\u2014which pretends to be an Adobe Flash\",\"breadcrumb\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/cross-platform-adware-poses-as-flash-player-update\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.intego.com\/mac-security-blog\/cross-platform-adware-poses-as-flash-player-update\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/cross-platform-adware-poses-as-flash-player-update\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.intego.com\/mac-security-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cross-Platform Adware Poses as Flash Player Update\"}]},{\"@type\":\"Article\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/cross-platform-adware-poses-as-flash-player-update\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/cross-platform-adware-poses-as-flash-player-update\/#webpage\"},\"author\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/12b11624d5a648c576d8dce6f93b230a\"},\"headline\":\"Cross-Platform Adware Poses as Flash Player Update\",\"datePublished\":\"2013-08-20T17:33:46+00:00\",\"dateModified\":\"2016-10-07T19:20:05+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/cross-platform-adware-poses-as-flash-player-update\/#webpage\"},\"wordCount\":271,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/cross-platform-adware-poses-as-flash-player-update\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/12\/MalwareAlert.png\",\"keywords\":[\"Adware\",\"FlashPlayer11.safariextz\",\"Malware\",\"OSX\/ClickAgent.FLA\"],\"articleSection\":[\"Malware\",\"Security News\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.intego.com\/mac-security-blog\/cross-platform-adware-poses-as-flash-player-update\/#respond\"]}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/12b11624d5a648c576d8dce6f93b230a\",\"name\":\"Lysa Myers\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#personlogo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/783af524dca7753ceb3cd9a576398a0e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/783af524dca7753ceb3cd9a576398a0e?s=96&d=mm&r=g\",\"caption\":\"Lysa Myers\"},\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/author\/lysam\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"description":"Once again, fraudulent developers are attempting to fool people into installing their adware by signing their file\u2014which pretends to be an Adobe Flash","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.intego.com\/mac-security-blog\/cross-platform-adware-poses-as-flash-player-update\/","og_locale":"en_US","og_type":"article","og_title":"Cross-Platform Adware Poses as Flash Player Update - The Mac Security Blog","og_description":"Once again, fraudulent developers are attempting to fool people into installing their adware by signing their file\u2014which pretends to be an Adobe Flash","og_url":"https:\/\/www.intego.com\/mac-security-blog\/cross-platform-adware-poses-as-flash-player-update\/","og_site_name":"The Mac Security Blog","article_published_time":"2013-08-20T17:33:46+00:00","article_modified_time":"2016-10-07T19:20:05+00:00","og_image":[{"width":"400","height":"260","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/12\/MalwareAlert.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_misc":{"Written by":"Lysa Myers","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Organization","@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization","name":"Intego","url":"https:\/\/www.intego.com\/mac-security-blog\/","sameAs":[],"logo":{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/#logo","inLanguage":"en-US","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png","contentUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png","width":875,"height":875,"caption":"Intego"},"image":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#logo"}},{"@type":"WebSite","@id":"https:\/\/www.intego.com\/mac-security-blog\/#website","url":"https:\/\/www.intego.com\/mac-security-blog\/","name":"The Mac Security Blog","description":"Keep Macs safe from the dangers of the Internet","publisher":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.intego.com\/mac-security-blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/cross-platform-adware-poses-as-flash-player-update\/#primaryimage","inLanguage":"en-US","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/12\/MalwareAlert.png","contentUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/12\/MalwareAlert.png","width":"400","height":"260"},{"@type":"WebPage","@id":"https:\/\/www.intego.com\/mac-security-blog\/cross-platform-adware-poses-as-flash-player-update\/#webpage","url":"https:\/\/www.intego.com\/mac-security-blog\/cross-platform-adware-poses-as-flash-player-update\/","name":"Cross-Platform Adware Poses as Flash Player Update - The Mac Security Blog","isPartOf":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/cross-platform-adware-poses-as-flash-player-update\/#primaryimage"},"datePublished":"2013-08-20T17:33:46+00:00","dateModified":"2016-10-07T19:20:05+00:00","description":"Once again, fraudulent developers are attempting to fool people into installing their adware by signing their file\u2014which pretends to be an Adobe Flash","breadcrumb":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/cross-platform-adware-poses-as-flash-player-update\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.intego.com\/mac-security-blog\/cross-platform-adware-poses-as-flash-player-update\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.intego.com\/mac-security-blog\/cross-platform-adware-poses-as-flash-player-update\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.intego.com\/mac-security-blog\/"},{"@type":"ListItem","position":2,"name":"Cross-Platform Adware Poses as Flash Player Update"}]},{"@type":"Article","@id":"https:\/\/www.intego.com\/mac-security-blog\/cross-platform-adware-poses-as-flash-player-update\/#article","isPartOf":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/cross-platform-adware-poses-as-flash-player-update\/#webpage"},"author":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/12b11624d5a648c576d8dce6f93b230a"},"headline":"Cross-Platform Adware Poses as Flash Player Update","datePublished":"2013-08-20T17:33:46+00:00","dateModified":"2016-10-07T19:20:05+00:00","mainEntityOfPage":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/cross-platform-adware-poses-as-flash-player-update\/#webpage"},"wordCount":271,"commentCount":0,"publisher":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization"},"image":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/cross-platform-adware-poses-as-flash-player-update\/#primaryimage"},"thumbnailUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/12\/MalwareAlert.png","keywords":["Adware","FlashPlayer11.safariextz","Malware","OSX\/ClickAgent.FLA"],"articleSection":["Malware","Security News"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.intego.com\/mac-security-blog\/cross-platform-adware-poses-as-flash-player-update\/#respond"]}]},{"@type":"Person","@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/12b11624d5a648c576d8dce6f93b230a","name":"Lysa Myers","image":{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/#personlogo","inLanguage":"en-US","url":"https:\/\/secure.gravatar.com\/avatar\/783af524dca7753ceb3cd9a576398a0e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/783af524dca7753ceb3cd9a576398a0e?s=96&d=mm&r=g","caption":"Lysa Myers"},"url":"https:\/\/www.intego.com\/mac-security-blog\/author\/lysam\/"}]}},"jetpack_featured_media_url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/12\/MalwareAlert.png","jetpack_publicize_connections":[],"jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p4VAYd-4ql","amp_enabled":true,"_links":{"self":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/17009"}],"collection":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/comments?post=17009"}],"version-history":[{"count":22,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/17009\/revisions"}],"predecessor-version":[{"id":58198,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/17009\/revisions\/58198"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/media\/8755"}],"wp:attachment":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/media?parent=17009"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/categories?post=17009"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/tags?post=17009"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}