Fake Flash Update Installs Malicious Browser Extensions That Will Compromise Your PC


bill-swift - July 3, 2012

Trojans and viruses executed using vulnerabilities found in Flash are nothing new. But cyber criminals keep using them for one main reason: they're so effective.

Many online users are aware that they need Adobe's Flash player to view certain types of content, like YouTube videos. So if they come across an alert telling them that they need to download the latest Flash update to access certain content, then they'd probably do so without any second thoughts.

Security experts from Zscaler have come across a website that displays a phony window encouraging users to install Adobe Flash Player so that they can view a certain clip. However, what users will actually be downloading is a fake browser extension whose format depends on the browser that they're using: .XPI for Firefox, .CRX for Google Chrome, or .exe for Internet Explorer.

Once the extensions have been installed, the hacker will be able to gain access to the user's computer.

The current files being pulled are not very dangerous, but that could change in the future. An invisible IFRAME is inserted in each new page loaded. The IFRAME contains advertising from, and contains a username in the URL.

The author could change the remote file at any moment to do much more harm, like stealing cookies to obtain access to the user accounts on any site, stealing username/credentials being entered or previously saved.

-- Julien Sobrier, security expert at Zscaler

Anti-virus programs can do little to solve the threat, because .XPI and .CRX file extensions are not recognized as dangerous by most AVP. In this case, you can keep your computer protected by downloading updates and software only from the actual vendor's website and ignoring such alerts that come from third-party sites, especially ones that look a bit shady.
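A triage check for the .CRX case described above, as an added example that is not from the original article or from Zscaler: it opens a Chrome extension package and reports content scripts that run on every page, iframe references in those scripts, and sensitive permissions. The sample package, its file names and the keyword heuristic are constructed assumptions.

```python
import io
import json
import zipfile

# Match patterns that inject a content script into every page the user opens.
BROAD_MATCHES = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# Permissions relevant to the abuse the quote warns about (cookie theft).
SENSITIVE_PERMISSIONS = {"cookies", "tabs", "webRequest"}


def audit_extension(package: bytes) -> list:
    """Triage a Chrome extension package (.crx or zip); return findings."""
    findings = []
    # A .crx is a zip archive with a "Cr24" header in front. zipfile locates the
    # archive from its end-of-central-directory record, so the header is skipped.
    with zipfile.ZipFile(io.BytesIO(package)) as archive:
        manifest = json.loads(archive.read("manifest.json").decode("utf-8-sig"))
        names = set(archive.namelist())
        for script in manifest.get("content_scripts", []):
            broad = sorted(BROAD_MATCHES.intersection(script.get("matches", [])))
            if not broad:
                continue
            for path in script.get("js", []):
                findings.append(f"{path}: injected into all pages via {broad[0]}")
                if path not in names:
                    continue
                source = archive.read(path).decode("utf-8", "replace").lower()
                if "iframe" in source:  # keyword heuristic, not a JS parser
                    findings.append(f"{path}: creates or references an iframe")
        for perm in manifest.get("permissions", []):
            if isinstance(perm, str) and perm in SENSITIVE_PERMISSIONS | BROAD_MATCHES:
                findings.append(f"permission: {perm}")
    return findings


def build_sample_crx() -> bytes:
    """Constructed sample: placeholder 16-byte header plus a two-file zip."""
    manifest = {
        "name": "Sample Player Update",  # hypothetical name
        "version": "1.0",
        "content_scripts": [{"matches": ["<all_urls>"], "js": ["inject.js"]}],
        "permissions": ["cookies", "http://*/*"],
    }
    body = io.BytesIO()
    with zipfile.ZipFile(body, "w") as archive:
        archive.writestr("manifest.json", json.dumps(manifest))
        archive.writestr("inject.js", "var f = document.createElement('iframe');")
    return b"Cr24" + b"\x00" * 12 + body.getvalue()
```

A non-empty result is a reason to read the extension's scripts before installing it, not proof that it is malicious.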
