For decades, Adobe Flash was one of the most-used pieces of software out there. It had plenty of functions but was most useful at ensuring that websites could display content correctly. If you were watching videos, listening to music or playing games in your browser in the ’90s, chances are you’re familiar with Flash. But over time, the software became riddled with security vulnerabilities and became obsolete as operating systems and browsers gained new features. But while it’s effectively dead, it doesn’t mean you are clear from danger. Read on about how hackers still use outdated code to steal your details.
Say it with us: Flash is dead
To cut to the chase, Flash is no longer used by any operating system or internet browser — and there is no reason why it should be on your computer. Adobe discontinued the software in December 2020. But not everybody is aware of this, and criminals are taking advantage. Targeting Google Chrome users, a malicious extension pretends to update your Flash Player but instead steals your details. It looks like a legitimate extension but it’s actually the malicious Cloud9 browser botnet tool that hides a remote access trojan. Once installed, this fake extension can:
Steal your online account data.Log your keyboard strokes.Inject malicious advertising into your browser. In some cases, it can use your machine as part of a large botnet to launch DDoS attacks.
According to cybersecurity company Zimperium, the first instance of this malware goes back to 2017, and it has been updated several times. The Cloud9 botnet is distributed for free or sold for a few hundred dollars on various hacker forums. It’s easy to use and cheap and is being used by many threat actors for their own purposes. RELATED: Check your browser! These malicious extensions have been installed 1M times
How to keep your computer safe from malware
If you only download Chrome extensions from the official Google store, your chances of encountering Cloud9 are slim. But just because it’s rampant on third-party libraries and unofficial sources doesn’t mean you’re safe. The most important thing to remember is that Flash is no longer used. If you see a pop-up to update or upgrade, it’s fake.
Never download extensions from third-party sites: Only use official extension library for your browser. Even though bad downloads can sometimes slip through the cracks, official stores have robust security protocols.Don’t trust strangers: Don’t open or download an email attachment from someone you don’t know or trust. Keep up to date: Ensure that your computer’s operating system and internet browser are always updated to the latest version.Check reviews: See if others are warning about suspicious activity in the reviews of the extension you’re downloading.
Another great way to stay safe is to enable Google’s Enhanced Protection for Chrome. Tap or click here for 10 tips to keep Google Chrome secure.
Keep reading
If you’re prompted to update Flash Player, ignore it! Fake Adobe Acrobat downloads are infecting computers
