Beware Mac users because the Adobe Flash Player update scam is back. Over the weekend, what seemed to be a harmless pop-up on my MacBook appeared that my flash player was out of date and need to be updated. Adobe Flash has made several notices of the importance on updating your Flash Player regularly to protect against malicious attacks. So carelessly, I followed the alerts advice and unknowingly welcomed an infection of scareware into my system.
Scareware is a form of malicious software that uses social engineering to manipulate users into downloading fake antivirus software that contains malware. This sort of attack is effortless for criminals by using social engineering to trick unsuspected users to unwittingly download fake versions, rather rely upon software vulnerability or exploitations. While software vulnerability attacks can often be quelled by hiring a service such as GA Systems to manage your security, scareware attacks are often much harder to spot. As a result of the scareware, several Potentially Unwanted Programs (PUPs) were installed in my system. It has been reported by Intego, a Mac security software company, that the most common third-party apps installed include:
In this particular attack, the malware is placed next to the authentic Adobe Flash version in attempt to appear more legitimate when users begin to get suspicious. Once the installation is at its end, the user is prompted to continue with the installation of the licensed version of Flash. It is important to check your computer’s “Account Monitor” and locate these third-apps and move them to trash then empty trash immediately.
HOW TO SPOT SCAREWARE ATTACKS
Employees who are uneducated when it comes to cybersecurity hold a higher risk of updating and installing malicious software into their computer system and potentially creating a hacking crisis. It is important for employees to understand protocols when receiving suspicious pop-ups and how to handle the situation. This is not the first time Mac users have been targeted by fake update scams. The first sign that your computer has become a target to an attack is receiving a suspicious pop-up that you have an outdated or security problem that needs to be fixed immediately.
Once the process of installation is at the end, the user will receive bogus pop-up security warnings, install malicious browser extensions, or redirect users to web pages of the attacker’s choosing. This can become frustrating to users when constant redirects are sending them to web pages that make it difficult to exit from. It is difficult to detect where the scareware is in the computer system and may take hours to remove.
There are several anti-virus and anti-malware programs that can help protect your company’s computers. Instruct your employees that it is wise to contact your computer’s support center or company’s IT department before downloading anything.
HOW YOUR COMPANY CAN BE PREPARED FOR ATTACKS
There are ways to exploit vulnerabilities in OS X to allow malicious software slide past Apple’s defenses, but the easiest way is seemingly simple to sign your code with a valid developer certificate. It is known that employees can be your biggest threat or first line of defense when it comes to cyber-attacks. If employees receive a suspicious warning, contact your IT department to validate its authenticity. Additionally, don’t ever click on buttons that say action items, such as “Download” or “Free Scan.” As an added precaution, employers should provide training and tips to employees on how they can prepare and prevent malicious attacks. It is also helpful to enact and explain on what to do if an employee falls victim to an attack. Download the Malware Checklist to help read signs and avoid malicious attacks.
2016 Marketing Intern