Adobe Flash Player For Mac Malware

Mac users may think their Internet browsing is safer than that of their PC counterparts, but that assumption is not true when it comes to adware, browser hijackers and other forms of potentially unwanted programs (PUPs). Some PUPs arrive in the form of browser extensions, others as stand-alone applications — and at least one of the latter masquerades as an update to Adobe Flash Player, so that users will authorize its installation.

Most PUPs are more annoying than harmful and, because they put installation-opt-out checkboxes in the fine print, stay just this side of legal. But Russian anti-malware company Dr.Web has found one that borrows an illegal trick from Trojan-horse malware. The initial program is a falsified version of Flash Player distributed using the Cyprus-based WeDownload adware site, and the program asks the Mac user to authorize its installation with his or her administrator privileges.


Mac Adobe Flash Player Virus

A decade-old Windows malware trojan wormed its way into the macOS ecosystem, complete with a signed (likely stolen) Apple developer certificate. The exploit appears as an Adobe Flash Player installer. Once permission is granted, it hides itself deep inside macOS folders. Its certificate has already.

Flash Player Malware Removal Mac

The fake Flash Player is actually a 'dropper,' a small piece of software designed to establish a beachhead on the machine and pull in yet more programs from the Internet. It reaches out to three different servers, which then send back HTML files prompting the user to install other PUPs, among them the Conduit browser hijacker, the OpinionSpy survey poll, the Crossrider adware and the well-known, but shady, antivirus program/system optimizer MacKeeper.

Each of these will give you a chance to not install it, as legally required, but will use misleading language to persuade you to do otherwise.

Flash Player Virus On Mac

The faux-Flash update that Dr.Web obtained from WeDownload was digitally signed with the Apple developer ID 'Simon Max (GW6F4C87KX),' which should raise suspicions because it doesn't even reference Adobe.

Since adware programs are built to distribute ads, they are not likely to harm systems. But the same dropper that loaded the adware in this case could easily be repurposed to drag in ransomware, keyloggers, banking Trojans or other forms of truly malicious software.

If you are concerned your system has been infected by adware, we suggest you download a program to wipe it from your system, such as Malwarebytes Anti-Malware for Mac. (You should already be running regular antivirus software on your Mac.) We also advise Mac users to only download software from approved online retailers, such as Apple's own App Store.


While they’re much less vulnerable than their Windows-based counterparts, Macs are still susceptible to contracting malware. Macs have even been infected by Windows-based malware cleverly disguised as award-winning titles like Adobe’s Flash Player. In fact, malware disguised as Flash Player is “particularly favored” among nefarious actors trying to exploit macOS machines, 9to5mac notes.


And while software like Malwarebytes is designed to scan for and remove potentially malicious software automatically, according to a blog post published by the security firm this week, there’s a new and much more aggressive variant of Flash Player malware currently on the loose — described in the post as a version of Crossrider adware capable of protecting itself from removal.

Essentially, the downloadable Flash plug-in is capable of changing the home page in both Apple’s Safari and Google’s Chrome web browser on macOS computers and, disturbingly, won’t allow users to change it back once it’s installed.


“After removing Advanced Mac Cleaner, and removing all the various components of Crossrider that have been littered around the system, there’s still a problem. Safari’s homepage setting is still locked to a Crossrider-related domain, and cannot be changed,” the firm explains, noting how “It turns out that this is caused by a configuration profile installed on the system by the adware.”

“Configuration profiles provide a means for IT admins in businesses to control the behavior of their Macs. These profiles can configure a Mac to do many different things, some of which are not otherwise possible.”

How to Delete Crossrider Malware and Restore Your Mac

As the firm explains, locating and deleting the Crossrider profile once it’s been installed can be tricky — but it’s still possible to erase it and restore your system and web browser to their original settings.

Open System Preferences from your Mac desktop and click the Profiles icon. NOTE: if there’s no Profiles icon, then you don’t have any profiles installed, which is normal, according to Malwarebytes.

“This profile installs with an identifier of com.myshopcoupon.www, which is not visible in System Preferences,” the firm explains. “However, the profile can definitely be identified by scrolling through the details and looking for references to chumsearch[dot]com.”
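The check Malwarebytes describes, looking through a profile's details for the hidden identifier and for references to the search domain, can be automated. The following is an added example, not code from Malwarebytes or from the original article: it assumes the profile is available as an unsigned plist, and the sample profile (including its `com.apple.Safari` payload type and `HomePage` key) is constructed for illustration.

```python
import plistlib

# Indicators quoted in the article; the domain stays defanged as on the page.
SUSPECT_IDENTIFIERS = {"com.myshopcoupon.www"}
SUSPECT_DOMAINS = {"chumsearch[dot]com"}

def refang(text):
    """Lower-case a string and undo '[dot]' defanging so both forms compare equal."""
    return text.replace("[dot]", ".").lower()

def walk(node, path=""):
    """Yield (key_path, value) for every string anywhere in the profile."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from walk(value, f"{path}/{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from walk(value, f"{path}[{index}]")
    elif isinstance(node, str):
        yield path, node

def scan_profile(raw_bytes):
    """Return sorted (kind, key_path, value) findings for one profile plist."""
    profile = plistlib.loads(raw_bytes)  # raises on CMS-signed or non-plist input
    domains = {refang(d) for d in SUSPECT_DOMAINS}
    findings = set()
    for path, value in walk(profile):
        lowered = refang(value)
        if path.endswith("/PayloadIdentifier") and lowered in SUSPECT_IDENTIFIERS:
            findings.add(("identifier", path, value))
        if any(domain in lowered for domain in domains):
            findings.add(("domain", path, value))
    return sorted(findings)

# Constructed sample, not a captured profile; payload type and key are assumed.
SAMPLE_PROFILE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadIdentifier": "com.myshopcoupon.www",
    "PayloadContent": [{
        "PayloadType": "com.apple.Safari",
        "HomePage": "http://www.chumsearch[dot]com/",
    }],
})

if __name__ == "__main__":
    for kind, path, value in scan_profile(SAMPLE_PROFILE):
        print(f"{kind:10} {path} = {value}")
```

Because the walker reports the key path of every hit, the output shows which payload setting carries the reference, which is the detail the System Preferences pane makes hard to find.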
