Mac users may think their Internet browsing is safer than that of their PC counterparts, but that assumption is not true when it comes to adware, browser hijackers and other forms of potentially unwanted programs (PUPs). Some PUPs arrive in the form of browser extensions, others as stand-alone applications — and at least one of the latter masquerades as an update to Adobe Flash Player, so that users will authorize its installation.
Most PUPs are more annoying than harmful and, because they put installation-opt-out checkboxes in the fine print, stay just this side of legal. But Russian anti-malware company Dr.Web has found one that borrows an illegal trick from Trojan-horse malware. The initial program is a falsified version of Flash Player distributed using the Cyprus-based WeDownload adware site, and the program asks the Mac user to authorize its installation with his or her administrator privileges.
The fake Flash Player is actually a "dropper," a small piece of software designed to establish a beachhead on the machine and pull in yet more programs from the Internet. It reaches out to three different servers, which then send back HTML files promoting the user to install other PUPs, among them the Conduit browser hijacker, the OpinionSpy survey poll, the Crossrider adware and the well-known, but shady, antivirus program/system optimizer MacKeeper.
Each of these will give you a chance to not install it, as legally required, but will use misleading language to persuade you to do otherwise.
The faux-Flash update that DrWeb obtained from WeDownload was digitally signed with the Apple developer ID "Simon Max (GW6F4C87KX)," which should raise suspicions because it doesn't even reference Adobe.
Since adware programs are built to distribute ads, they are not likely to harm systems. But the same dropper that loaded the adware in this case could easily be repurposed to drag in ransomware, keyloggers, banking Trojans or other forms of truly malicious software.
If you are concerned your system has been infected by adware, we suggest you download a program to wipe it from your system, such Malwarebytes Anti-Malware for Mac. (You should already be running regular antivirus software on your Mac.) We also advise Mac users to only download software from approved online retailers, such as Apple's own App Store.