If you are a Mac user, then you should be very careful when you install stuff on your computer. According to the latest reports, another fake Adobe Flash Player installer has been released and it is available on the internet.
The security experts from Intego have found a rogue package installer as a variant of OSX/InstallCore and in order to protect the users, they’ve updated the Intengo VirusBarrier definition in order to make sure that the Mac users don’t get this malware on their devices.
The attack has been released in the form of a Mac package installer (.pkg) file, which is also known as a flat package. The package has been signed with a legitimate Developer ID certificate, which will trick the OS X’s built-in gatekeeper security to believe that the file is not a malware and it can be trusted.
It is good to know that if the malware file, named Product.pkg, is located outside the DMG volume and the DMG Volume installer is un-mounted, then the user will receive a “Missing parameters” error. However, if the .pkg file is located in the DMG volume, then it will be installed on the Mac device without any problems.
Once this package gets installed on a Mac device, the users will notice that a number of unwanted programs (PUPs) get also installed on their systems. According to Intego, many third-party applications have been installed by fake Adobe Flash update, which includes: MacKeeper, ZipCLoud and MegaBackup.
It is good to know that the installer’s code comes embedded with a copyright message that’s referencing to ironSource, a company from Israel, which develops the InstallCore software installation platform. This company has also been criticized in the past and it seems that it will never learn from its mistakes.
We suggest the Mac users to ensure that their Adobe Flash Player will automatically update itself, instead of updating it manually and risking to get a malware application on their computers.