Fake Flash For Firefox

Filed Under: Malware, SophosLabs

Malware often use many techniques to manifest itself onto their host. Recently, Sophos analysts have discovered a piece of malware masquerading itself as a flash player plugin for the Firefox browser (detected by Sophos as Troj/FFSpy-A).

When the file runs, it pretends to install the adobe flash player for your browser. The installation process can be seen below:


Upon restarting Firefox after the installation is complete, Firefox shows an extension has been installed as "Adobe Flash Player 0.2" as shown below:

Troj/FFSpy-A monitors your Google searches and sends this information to a remote server. It also inject ads into the web pages you are viewing based on the keywords you have used in your search.

This piece of malware seems to be spreading itself via internet forums pretending to be the installation file for the adobe flash player. To reduce the risk of infection, the user should avoid downloading executables from unknown and untrusted sources.

You might like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s