Announcement

There will be no dues for 2018 until further notice, and all meetings in 2018 will be in Sequim!

Note: This Announcement can be dismissed by clicking the (magically appearing) X in the top right corner of this box.

Fake Flash Updater

Discussion of general issues, not related to a specific Mac or iDevice operating system.
User avatar
Stephen Hart
Forum Member - Level 5
Forum Member - Level 5
Posts: 2864
Joined: Thu Apr 07, 2011 11:09 am

Fake Flash Updater

Post by Stephen Hart » Thu May 02, 2019 8:59 am

I've been seeing a fake Flash Player Updater popup while reading The Washington Post.
I recognized it as fake and didn't download anything, of course.
But I can't find any information on how to prevent it from happening. I do have popups blocked for this site. (Actually for all sites except a couple.)
I did a Malwarebytes free scan and it came up with nothing.
"Design is not just what it looks like and feels like. Design is how it works."
Steve Jobs

User avatar
Jay Cline
Forum Member - Level 4
Forum Member - Level 4
Posts: 553
Joined: Thu Apr 07, 2011 5:13 pm
Location: A sleepy little mill town with a smokestack or two on one end.

Re: Fake Flash Updater

Post by Jay Cline » Fri May 03, 2019 8:16 am

"There's a brand new gimmick every day
Just to take somebody's money away"
-Bob Dylan, Bear Mountain Picnic
-----------------
This is where I'd normally write an impressive summary of my skills and proficiencies.

User avatar
Stephen Hart
Forum Member - Level 5
Forum Member - Level 5
Posts: 2864
Joined: Thu Apr 07, 2011 11:09 am

Re: Fake Flash Updater

Post by Stephen Hart » Fri May 03, 2019 3:19 pm

I ran EtreCheck.app, which flagged some outdated preference files, and I deleted all cookies in Safari. So far I haven't seen the Fake Flash popup. I suspect it was caused by a cookie. Unfortunately, there's no good way to determine which cookies to delete and which to save because there are just too many to read through. Deleting all cookies causes some minor headaches: you have to sign in again to several sites. This is surely a security issue that could be addressed by lists of malware cookies.
Note that the popup itself does nothing except temporarily interrupt your viewing of a site. But accepting the download leads to trouble, either by downloading malware or by downloading a version of Flash and malware.
"Design is not just what it looks like and feels like. Design is how it works."
Steve Jobs

User avatar
Stephen Hart
Forum Member - Level 5
Forum Member - Level 5
Posts: 2864
Joined: Thu Apr 07, 2011 11:09 am

Re: Fake Flash Updater

Post by Stephen Hart » Thu May 09, 2019 8:35 am

Update:
This fake Flash updater popup returned today.
I think it's odd that it's only ever appeared when I'm viewing an opinion piece on The Washington Post. It's hard to imagine the Post's server is infected in some way, but I sent them a message.

Looking in Activity monitor, I see this process when the fake updater page is showing:

Code: Select all

https://fixfreshbestappclicks.icu
Killing that process stops the page, but it refreshes immediately.

I haven't seen any way to block a specific website in Safari.
Last edited by Stephen Hart on Thu May 09, 2019 1:29 pm, edited 2 times in total.
"Design is not just what it looks like and feels like. Design is how it works."
Steve Jobs

User avatar
Jay Cline
Forum Member - Level 4
Forum Member - Level 4
Posts: 553
Joined: Thu Apr 07, 2011 5:13 pm
Location: A sleepy little mill town with a smokestack or two on one end.

Re: Fake Flash Updater

Post by Jay Cline » Thu May 09, 2019 1:00 pm

I don't have Flash installed and have seen fake Flash updater popups from time to time but it's rare.
-----------------
This is where I'd normally write an impressive summary of my skills and proficiencies.

User avatar
Stephen Hart
Forum Member - Level 5
Forum Member - Level 5
Posts: 2864
Joined: Thu Apr 07, 2011 11:09 am

Re: Fake Flash Updater

Post by Stephen Hart » Thu May 09, 2019 1:30 pm

I have Flash turned off by default. Rarely, I get a legit message asking if I want to enable Flash for one time.
I don't think this fake updater has anything to do with Flash really. It's just exploiting the fact that for many years Flash was necessary and had to be updated over and over.
"Design is not just what it looks like and feels like. Design is how it works."
Steve Jobs

User avatar
Stephen Hart
Forum Member - Level 5
Forum Member - Level 5
Posts: 2864
Joined: Thu Apr 07, 2011 11:09 am

Re: Fake Flash Updater

Post by Stephen Hart » Thu May 09, 2019 1:58 pm

Washington Post (Washington Post Customer Care)
May 9, 4:42 PM EDT

Thank you for contacting The Washington Post! We are aware of this Adobe Flash malware issue and currently working on a fix. We will send your comments on the malicious Adobe Flash Player ad to our Advertising and IT team. Please let us know if you have any additional concerns or questions.

Thanks!
The Post does have a large number of very intrusive ads. They look to be automatic, as they make no sense in a newspaper or for me, if I'm being tracked.
I always use the Reader view.

Anyway, nice to know it wasn't just me, and that there's a fix in process.
"Design is not just what it looks like and feels like. Design is how it works."
Steve Jobs

User avatar
Jay Cline
Forum Member - Level 4
Forum Member - Level 4
Posts: 553
Joined: Thu Apr 07, 2011 5:13 pm
Location: A sleepy little mill town with a smokestack or two on one end.

Re: Fake Flash Updater

Post by Jay Cline » Fri May 10, 2019 8:10 am

Screen Shot 2019-05-10 at 8.01.15 AM.png
Screen Shot 2019-05-10 at 8.01.15 AM.png (196.85 KiB) Viewed 321 times
I just spent a few minutes on The Washington Post online and got the same popup.

fastdealseparateappclicks.icu is registered in Panama

Just say no to any popup. Software updates don't come from websites you visit.
-----------------
This is where I'd normally write an impressive summary of my skills and proficiencies.

User avatar
Stephen Hart
Forum Member - Level 5
Forum Member - Level 5
Posts: 2864
Joined: Thu Apr 07, 2011 11:09 am

Re: Fake Flash Updater

Post by Stephen Hart » Fri May 10, 2019 11:40 am

Just say no to any popup. Software updates don't come from websites you visit.
Flash updater messages are well known, and are always associated with malware one way or another.

Also, it's really depressing that the Washington Post server (or the ad service they subscribe to) got hacked this way, and that they can't fix it within minutes.
"Design is not just what it looks like and feels like. Design is how it works."
Steve Jobs

User avatar
Jay Cline
Forum Member - Level 4
Forum Member - Level 4
Posts: 553
Joined: Thu Apr 07, 2011 5:13 pm
Location: A sleepy little mill town with a smokestack or two on one end.

Re: Fake Flash Updater

Post by Jay Cline » Sat May 11, 2019 11:14 am

You have to wonder if struggling newspapers get revenue from leaving the "ad" there. Could be their best income stream in years.
-----------------
This is where I'd normally write an impressive summary of my skills and proficiencies.

Post Reply

Who is online

Users browsing this forum: No registered users and 4 guests