Blog: Fake Adobe Flash Update Installs Ransomware; Performs Click Fraud

Adobe Flash is one of the most widely distributed products on the Internet. Because of its popularity and global install base, it is often a target of cybercriminals. Cybercriminals are using social engineering methods to distribute their malware through fake Flash update sites, often compelling unsuspecting users, who may be in need of a software update, to unknowingly install malware.

 


Symantec is correct: it places the icon for the installed AV into the UI.

 

NZ_Ransomware1.jpg

 

 

The icons are in the temp folder along with other files for the Ransom UI.

 

 

Ransomware_AV_Icons.jpg

 

 

 

The variant uses the HKCU Winlogon registry key to load with the user account.

 

Quads
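
The following is an added example, not part of the original post: a triage check for the HKCU Winlogon persistence described above, run over saved `reg query` output. The post does not name the registry value, so checking `Shell` and `Userinit` is an assumption, and the sample output and file name in it are constructed.

```python
import re

WINLOGON = r"software\microsoft\windows nt\currentversion\winlogon"
# Assumption: the post does not name the value. Shell and Userinit are the
# Winlogon values that start programs at logon, so those are checked here.
LAUNCH_VALUES = {"shell", "userinit"}
EXPECTED = {"explorer.exe", r"c:\windows\system32\userinit.exe"}

def parse_reg_query(text):
    """Yield (key, name, type, data) tuples from `reg query` text output."""
    key = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line.startswith(" "):      # unindented line = registry key path
            key = line.strip()
            continue
        # value lines are indented; fields are separated by runs of 4 spaces
        parts = re.split(r"\s{4,}", line.strip(), maxsplit=2)
        if key and len(parts) >= 2:
            yield key, parts[0], parts[1], parts[2] if len(parts) == 3 else ""

def find_winlogon_autostarts(text):
    """Report Shell/Userinit values set under the per-user Winlogon key."""
    findings = []
    for key, name, _type, data in parse_reg_query(text):
        hive, _, path = key.partition("\\")
        if hive.upper() not in ("HKEY_CURRENT_USER", "HKCU"):
            continue
        if path.lower() != WINLOGON or name.lower() not in LAUNCH_VALUES:
            continue
        # the data is a comma-separated list of programs to launch
        commands = [c.strip().strip('"') for c in data.split(",") if c.strip()]
        extra = [c for c in commands if c.lower() not in EXPECTED]
        findings.append({
            "value": name,
            "data": data,
            "unexpected": extra,
            # the post notes the ransom UI files sit in the temp folder
            "in_temp": [c for c in extra if "\\temp\\" in c.lower()],
        })
    return findings

# Constructed sample of `reg query` output (not taken from a real infection).
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    BuildNumber    REG_DWORD    0x1db1
    Shell    REG_SZ    explorer.exe,C:\Users\user\AppData\Local\Temp\example_sample.exe
"""
```

Any `Shell` or `Userinit` value under the per-user key deserves review, since these normally live under HKLM; an entry listed in `in_temp` matches the temp-folder detail in the post.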