Malware often use many techniques to manifest itself onto their host. Recently, Sophos analysts have discovered a piece of malware masquerading itself as a flash player plugin for the Firefox browser (detected by Sophos as Troj/FFSpy-A).
When the file runs, it pretends to install the adobe flash player for your browser. The installation process can be seen below:
Upon restarting Firefox after the installation is complete, Firefox shows an extension has been installed as “Adobe Flash Player 0.2” as shown below:
Troj/FFSpy-A monitors your Google searches and sends this information to a remote server. It also inject ads into the web pages you are viewing based on the keywords you have used in your search.
This piece of malware seems to be spreading itself via internet forums pretending to be the installation file for the adobe flash player. To reduce the risk of infection, the user should avoid downloading executables from unknown and untrusted sources.