Flash version distributed in China after EOL is installing adware


Even though the Flash Player app officially reached its end of life on December 31, 2020, Adobe has allowed a local Chinese company to continue distributing Flash inside China, where the application still remains a large part of the local IT environment and is broadly used across both the public and private sectors.

Currently, this Chinese version of the old Flash Player app is available only via flash.cn, a website maintained by a company named Zhong Cheng Network, the only entity authorized by Adobe to distribute Flash inside China.

However, in a report published earlier this month, security firm Minerva Labs said its security products logged multiple security alerts connected to this Chinese Flash Player version.

During subsequent analysis, researchers found that the app was indeed installing a legitimate version of Flash but was also downloading and running additional payloads.

More precisely, the app was downloading and running nt.dll, a file that was packed inside the FlashHelperService.exe process and which proceeded to open a new browser window at regular intervals, showing various ad- and popup-heavy sites.
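The two behaviours Minerva Labs describes (the helper service loading nt.dll, and the same service repeatedly launching a browser toward ad sites) are both visible in ordinary endpoint process telemetry. The following detection sketch is an added example written for this page; it is not code from Minerva Labs, Adobe or the article. Only the names FlashHelperService.exe and nt.dll come from the report; the key=value event format, every file path, the browser names and the URLs are constructed placeholders, and it deliberately includes a benign load of the Windows ntdll.dll by the same process to show that a name match must be exact.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample telemetry in a simple key="value" line format (not real log output).
# FlashHelperService.exe and nt.dll are the names from the Minerva Labs report; all paths,
# browser names and URLs are invented placeholders.
SAMPLE_EVENTS = [
    'type=process_create image="C:\\Windows\\System32\\svchost.exe" parent="C:\\Windows\\System32\\services.exe"',
    'type=image_load image="C:\\Example\\Flash\\FlashHelperService.exe" loaded="C:\\Example\\Flash\\nt.dll"',
    # Benign: the helper loading the real Windows ntdll.dll must NOT be flagged.
    'type=image_load image="C:\\Example\\Flash\\FlashHelperService.exe" loaded="C:\\Windows\\System32\\ntdll.dll"',
    'type=process_create image="C:\\Example\\Browser\\browser.exe" parent="C:\\Example\\Flash\\FlashHelperService.exe" cmdline="browser.exe http://ads.example.invalid/"',
    # Benign: a user-launched browser (parent is explorer.exe).
    'type=process_create image="C:\\Example\\Browser\\browser.exe" parent="C:\\Windows\\explorer.exe" cmdline="browser.exe"',
    'type=process_create image="C:\\Example\\Browser\\browser.exe" parent="C:\\Example\\Flash\\FlashHelperService.exe" cmdline="browser.exe http://popups.example.invalid/"',
]

# key=value pairs; quoted values may contain spaces, unquoted ones may not.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Assumed set of browser executable names used for the illustration.
BROWSER_NAMES = {"browser.exe", "chrome.exe", "msedge.exe", "iexplore.exe", "firefox.exe"}


def parse_event(line):
    """Turn one key=value line into a dict of string fields."""
    return {key: (quoted or unquoted) for key, quoted, unquoted in FIELD_RE.findall(line)}


def basename(path):
    """Lower-cased file name of a Windows path ('' if the field is missing)."""
    return PureWindowsPath(path).name.lower() if path else ""


def detect(events):
    """Return one alert dict per event matching either reported behaviour."""
    alerts = []
    for line in events:
        ev = parse_event(line)
        image = basename(ev.get("image"))
        # Rule 1: the helper service loads a library literally named nt.dll.
        if (ev.get("type") == "image_load"
                and image == "flashhelperservice.exe"
                and basename(ev.get("loaded")) == "nt.dll"):
            alerts.append({"rule": "flash_helper_loads_nt_dll", "loaded": ev["loaded"]})
        # Rule 2: the helper service is the parent of a browser process.
        elif (ev.get("type") == "process_create"
                and basename(ev.get("parent")) == "flashhelperservice.exe"
                and image in BROWSER_NAMES):
            alerts.append({"rule": "flash_helper_spawns_browser", "cmdline": ev.get("cmdline", "")})
    return alerts


def summarize(alerts):
    """Count alerts per rule; repeated browser launches reflect the periodic popup behaviour."""
    counts = {}
    for alert in alerts:
        counts[alert["rule"]] = counts.get(alert["rule"], 0) + 1
    return counts


if __name__ == "__main__":
    found = detect(SAMPLE_EVENTS)
    for alert in found:
        print(alert)
    print(summarize(found))
```

Matching on the exact lower-cased file name rather than a substring is what keeps the legitimate ntdll.dll load out of the results; in a real deployment the same two rules map directly onto image-load and process-creation events from Sysmon or an EDR, with the browser list widened to whatever the fleet actually runs.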

Image: Minerva Labs

The spammy behavior certainly didn't go unnoticed. Both regular users and other security firms observed it as well.

Users complaining that Flash has now started showing popups can be spotted on the Adobe support forum, several local blogs, and in many other places.

Furthermore, apart from Minerva Labs, other security firms have also started picking up suspicious activity related to FlashHelperService.exe. Cisco Talos ranked this process as the most widely detected threat for the weeks ending on January 14 and January 21, and the file also placed in its Top 10 for the weeks ending on January 7, February 11, and February 18.

This threat is not going to impact Western users, since the Flash version they download from flash.cn won't work on systems outside China; however, in light of Minerva's report, they shouldn't even try to test it, as this might lead to installing adware and compromising the security of their systems/networks.
