Security firm Malwarebytes has sounded the alarm on a new bogus Flash Player update which causes legitimate advertisements to be replaced with spam and inappropriate banners.
FlashPlayer11.safariextz is a convincing fake browser extension, Malwarebytes claims. It uses the correct Flash Player logo and even includes a hyperlink to the official Adobe website.
The bad guys are banking on the fact people are aware how important it is to apply software updates
However, once installed, the application either introduces its own intrusive adverts or overlays the official ads on legitimate websites with its own.
According to Malwarebytes security analyst Jerome Segura, the authors of this rogue application are hoping to tap into the lucrative business of web advertising by generating revenue from users clicking on the fake adverts.
"Online advertising is a billion dollar industry and everybody wants to have a piece of it. With such invasive adverts, cyber-crooks are likely to generate a lot of views' and even pay per clicks," he said.
As pointed out in Segura's blog post, these adverts are not only intrusive, but also indiscriminate in what they display.
"Shortly after being installed, [FlashPlayer11.safariextz] will begin to inject very rough advertisements on any website you visit," said Segura.
"For example, I visited pbskids.org, a site for children to play games and watch their favourite characters, when all of the sudden a pornographic advertisement was displayed," he added.
According to Segura, the malicious extension is being pushed from various websites, but most commonly comes from adult websites.
He also said he found it "interesting that the bad guys are banking on the fact people are now quite aware of how important it is to apply software updates".
"This is why you should always install updates from the vendor's official website to avoid nasty surprises," he advised.
-
Third time lucky? Microsoft finally begins roll-out of controversial Recall featureNews The Windows Recall feature has been plagued by setbacks and backlash from security professionals
-
The UK government wants quantum technology out of the lab and in the hands of enterprisesNews The UK government has unveiled plans to invest £121 million in quantum computing projects in an effort to drive real-world applications and adoption rates.
-
New Adload malware bypasses Apple’s XProtect to infect macOS devicesNews Old malware retooled to evade Apple defenses
-
Common malware slipped past the macOS notarization process twiceNews Apple immediately revoked the notarization, but the adware slipped through again
-
Researchers blast Swedish developer WakeNet AB for ‘deceptively’ spreading adwareNews Bad actors are using tools like 'embed movie' to coax victims into installing software that house adware
-
Zacinlo malware threatens Windows 10 PCs' securityNews Malware takes screenshots of users' desktops, and has been operating silently for six years
-
Lenovo vows to cut bloatware after SuperfishNews The company says it will drop adware after its Superfish debacle left customer data at risk
-
Facebook warns of new Superfish threatNews The fake security certificate used by the Lenovo-installed adware can be re-used by hackers, says social network
-
Yahoo serves up New Year malware to European customersNews Malicious adverts infect users’ computers.
-
File sharing infects 500,000 computersNews McAfee reveal details on what it calls the most significant malware outbreak since 2005, as peer-to-peer networks look under threat.
