Though the Flash Player app formally reached its end of life on December 31, 2020, Adobe has allowed a local Chinese company to continue distributing Flash inside China, where the application still remains a big part of the local IT ecosystem and is widely used across both the public and private sectors.
Currently, this Chinese version of the old Flash Player app is available only via flash.cn, a website managed by a company named Zhong Cheng Network, the only entity authorized by Adobe to distribute Flash inside China.
But in a report published earlier this month, security firm Minerva Labs said its security products picked up several security alerts linked to this Chinese Flash Player version.
During subsequent analysis, researchers found that the app was indeed installing a valid version of Flash but was also downloading and running additional payloads.
More precisely, the app was downloading and running nt.dll, a file that was loaded inside the FlashHelperService.exe process and which proceeded to open a new browser window at regular intervals, displaying various ad- and popup-heavy sites.
The spammy behavior clearly did not go unnoticed. Both regular users and other security firms noticed it as well.
Furthermore, besides Minerva Labs, other security firms have also started picking up suspicious activity related to FlashHelperService.exe. Cisco Talos ranked this process as its most widely detected threat for the weeks ending on January 14 and January 21, and the file also ranked in its Top 10 for the weeks ending on January 7, February 11, and February 18.
This particular threat does not impact western users, since the Flash version they download from flash.cn won't work on systems outside China, but in light of Minerva's report, they shouldn't even try to test it, as this may lead to installing adware and compromising the security of their systems and networks.