Though the Flash Player app formally reached its end of life on December 31, 2020, Adobe has allowed a local Chinese company to continue distributing Flash inside China, where the application still remains a big part of the local IT ecosystem and is widely used across both the public and private sectors.
Currently, this Chinese version of the outdated Flash Player app is available only via flash.cn, a website managed by a company named Zhong Cheng Network, the only entity authorized by Adobe to distribute Flash inside China.
But in a report published earlier this month, security firm Minerva Labs said its security products picked up several security alerts linked to this Chinese Flash Player version.
During subsequent analysis, researchers found that the app was indeed installing a legitimate version of Flash but was also downloading and running additional payloads.
More precisely, the app was downloading and running nt.dll, a file that was loaded inside the FlashHelperService.exe process and which proceeded to open a new browser window at regular intervals, displaying various ad- and popup-heavy sites.
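As an added illustration (not part of Minerva's report or the article), the two behaviours just described can be expressed as simple detection rules over Sysmon-style image-load and process-creation records; the sample log lines, the SysWOW64 install path and the browser list are constructed assumptions for this example.

```python
import re
from pathlib import PureWindowsPath

# Constructed Sysmon-style records (EventID 7 = image load, 1 = process
# creation). These are made-up sample lines, not real telemetry.
SAMPLE_EVENTS = [
    'EventID=7 Image="C:\\Windows\\System32\\svchost.exe" ImageLoaded="C:\\Windows\\System32\\ntdll.dll"',
    'EventID=7 Image="C:\\Windows\\SysWOW64\\FlashHelperService.exe" ImageLoaded="C:\\Windows\\SysWOW64\\ntdll.dll"',
    'EventID=7 Image="C:\\Windows\\SysWOW64\\FlashHelperService.exe" ImageLoaded="C:\\Users\\Public\\nt.dll"',
    'EventID=1 Image="C:\\Program Files\\Internet Explorer\\iexplore.exe" ParentImage="C:\\Windows\\SysWOW64\\FlashHelperService.exe"',
    'EventID=1 Image="C:\\Program Files\\Internet Explorer\\iexplore.exe" ParentImage="C:\\Windows\\explorer.exe"',
]

BROWSERS = {"iexplore.exe", "chrome.exe", "msedge.exe", "firefox.exe"}  # assumed set
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_event(line):
    """Turn a 'Key=Value Key="Value with spaces"' record into a dict."""
    return {k: quoted or bare for k, quoted, bare in FIELD_RE.findall(line)}

def basename(path):
    return PureWindowsPath(path).name.lower()

def classify(event):
    """Return a rule name if the event matches the behaviour in the article, else None."""
    if event.get("EventID") == "7":
        # Rule 1: FlashHelperService.exe loads a module named nt.dll.
        # Exact-name matching deliberately excludes ntdll.dll, the
        # legitimate Windows DLL that every process loads.
        if basename(event.get("Image", "")) == "flashhelperservice.exe" \
                and basename(event.get("ImageLoaded", "")) == "nt.dll":
            return "flashhelper_loads_nt_dll"
    elif event.get("EventID") == "1":
        # Rule 2: a browser whose parent is FlashHelperService.exe, which is
        # how the periodic pop-up windows would show up in process telemetry.
        if basename(event.get("ParentImage", "")) == "flashhelperservice.exe" \
                and basename(event.get("Image", "")) in BROWSERS:
            return "flashhelper_spawns_browser"
    return None

def find_suspicious_events(lines):
    """Return (rule, Image path) for every record that matches a rule."""
    hits = []
    for line in lines:
        event = parse_event(line)
        rule = classify(event)
        if rule:
            hits.append((rule, event["Image"]))
    return hits

if __name__ == "__main__":
    for rule, image in find_suspicious_events(SAMPLE_EVENTS):
        print(rule, image)
```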
The spammy behavior clearly did not go unnoticed. Both regular users and other security companies noticed it as well.
Furthermore, besides Minerva Labs, other security companies have also started picking up suspicious activity related to FlashHelperService.exe. Cisco Talos ranked this process as its most widely detected threat for the weeks ending on January 14 and January 21, and the file also ranked in its Top 10 in the weeks ending on January 7, February 11, and February 18.
This particular threat doesn't impact western users, since the Flash version they download from flash.cn won't work on systems outside China, but in light of Minerva's report, they shouldn't even try to test it, as this may result in installing adware and compromising the security of their systems/networks.