Avoid installing rogue apps through a Fake Software Update
Written by Tomas Meskauskas on (updated)
What is "Fake Software Update"?
Fake Software Update refers to a deceptive pop-up window, which claims that the Adobe Flash Player is outdated and requires an update. This scam promotes various rogue applications (e.g., browser hijackers and adware) and other potentially malicious content via fake Flash Player updaters/installers.
These pop-ups are usually displayed by deceptive/scam websites that are rarely accessed intentionally - most visitors to them are redirected by Potentially Unwanted Applications (PUAs) or intrusive advertisements.
There are several variants of the Fake Software Update. One of these variants firstly displays a pop-up window claiming that Adobe Flash Player is out-of-date. Its second pop-up states that, due to this, the current version does not have the latest security updates and cannot be used until it is updated.
It shows another window in the bottom right corner of the web page, which urges users to install the updates to continue using the Flash Player. The background page states that the newest updates are necessary to encode and/or decode audio files for the best experience (i.e., play them effectively).
It also adds that Adobe Flash Player is a vital browser plug-in, allowing users to view content ranging from videos and animation to playing games online. Since the software it outdated, it has supposedly been blocked and will not perform any functions. As with the pop-up windows, this page also has several buttons for downloading the alleged Flash Player updates.
Another variant of the scam shows a pop-up window informing users that Adobe Flash Player may be out of date. Additionally, the installed version might not have the latest security updates, and therefore might not be currently operational. This pop-up reassures users that these updates do not require a system reboot.
Despite a legitimate appearance, these alerts are bogus and fake. Clicking the "update/download" buttons leads to download of the supposed updates. The installation setup bears many similarities to the genuine Flash Player updater, however, it is fake. Any content installed through these false set-ups is rogue and possibly even malicious.
You are strongly advised to ignore such alerts and immediately leave any web page displaying them. Should that be impossible by closing the browser tab/window (some scam sites prevent users from doing so), use the activity monitor to terminate the browser process.
When the browser is reopened, do not restore the previous browsing session, otherwise the deceptive web page is also reopened (or the website that redirected to it).
PUAs can infiltrate the Fake Software Update scam into the system. These applications appear normal and offer a broad array of "useful" and "beneficial" features to lure users to install. The functions rarely work as advertised and, in most cases, are nonoperational.
PUAs generate redirects to deceptive/scam pages and various sale-based, untrustworthy, compromised, or even malicious websites.
They can deliver intrusive ad campaigns by employing tools to enable third party graphical content to be displayed on any site, thereby delivering unwanted and harmful ads, which diminish the browsing experience, cause redirects to likewise dangerous web pages, and stealthily download/install other PUAs.
Other types can make unauthorized changes to browsers (hijack them) and promote fake search engines. PUAs commonly have data tracking capabilities. They record browsing activity (browsing and search engine histories) and collect users' personal information (IP addresses, geolocations and other details).
This sensitive data is then shared with third parties (potentially, cyber criminals) seeking to misuse it for financial gain. In summary, PUAs present on devices can lead to browser and system infiltration/infections, financial loss, serious privacy issues, and even identity theft.
To ensure device and user safety, remove all suspicious applications and browser extensions/plug-ins immediately upon detection.
|Name||Fake Software Update pop-up|
|Threat Type||Phishing, Scam, Mac malware, Mac virus.|
|Fake Claim||Scam claims that the Adobe Flash Player is outdated and recommends that it is updated.|
|Detection Names||Avast (Other:Malware-gen [Trj]), BitDefender (Adware.MAC.Bundlore.DPS), AVG (Other:Malware-gen [Trj]), Kaspersky (HEUR:Trojan-Downloader.OSX.Shlayer.a), Full List (VirusTotal)|
|Symptoms||Your Mac becomes slower than normal, you see unwanted pop-up ads, you are redirected to dubious websites.|
|Distribution methods||Deceptive pop-up ads, free software installers (bundling), fake Flash Player installers, torrent file downloads.|
|Damage||Internet browser tracking (potential privacy issues), display of unwanted ads, redirects to dubious websites, loss of private information.|
|Malware Removal (Mac)||
To eliminate possible malware infections, scan your Mac with legitimate antivirus software. Our security researchers recommend using Combo Cleaner.
The Internet is rife with deceptive websites. Scams similar to Fake Software Update include "Your Mac/iOS may be infected with 5 viruses!", "Your Mac OS Might Be Infected", "You-Have-1-Message-About-Your-Device", and many others. They typically use scare tactics to tempt visitors into downloading/installing and/or purchasing untrustworthy applications.
For example, they warn users that a crucial piece of software is outdated and offer updates for it. These web pages can also show alarms claiming that the device is infected and promote certain apps for elimination of the fake problem. Note that no site can find threats/issues on an operating system.
Any that make such claims are deceptive and must not be trusted. The same extends to the software they advertise. You are advised against downloading/installing/purchasing content endorsed on these pages.
How did potentially unwanted applications install on my computer?
Some PUAs have "official" download pages, however, they can also be installed together with other products. This deceptive marketing method of packing regular software with unwanted or malicious content is called "bundling".
Rushing download/installation processes (e.g. ignoring terms, skipping steps and sections, etc.) increases the risk of unintentionally allowing bundled applications onto devices. Once clicked, intrusive ads can execute scripts designed to download/install PUAs without users' consent.
How to avoid installation of potentially unwanted applications
Research content carefully before downloading/installing. Use only official and verified download channels. Peer-to-Peer sharing networks (BitTorrent, eMule, Gnutella), unofficial and free-file hosting websites, third party downloaders and similar sources are untrusted and should be avoided. Use tools/functions provided by legitimate developers to update software.
Treat download/Installation processes with caution. Read the terms, study available options, use the "Custom/Advanced" settings to decline downloading/installing additional apps, tools, features, etc. Intrusive ads may not seem suspicious, however, when clicked they redirect to dubious sites (e.g. gambling, pornography, adult-dating and others).
If you encounter ads/redirects of this kind, inspect the device and remove all suspicious applications and/or browser extensions/plug-ins without delay. If your computer is already infected with PUAs, we recommend running a scan with Combo Cleaner Antivirus for macOS to automatically eliminate them.
Screenshot of the initial pop-up window:
Text displayed in the pop-up windows:
Update to the latest version of Flash Player. Your current Adobe Flash Player version is out of date.
“Adobe Flash Player” is out-of-date
The version of this plug-in on your computer doesn't include the latest security updates. Flash cannot be used until you download an update from Adobe.Update Download Flash..
Flash Player Update
Install latest version of Adobe Flash Player in order to continue watching.
Screenshot of the background page:
Text displayed in this page:
Latest version of Flash Player is required to encode and/or decode (Play) audio files in high quality. - Click here to update for latest version.
Adobe Flash Player
Install the latest update
"Adobe Flash Player" is an essential plugin for your browser that allows you to view everything from video to games and animation on the web. The version of “Adobe Flash Player" on your system does not include the latest security updates and has been blocked.
To continue using “Adobe Flash Player", download an updated version.
Screenshot of another variant of the Fake Software Update scam pop-up:
Text presented in this pop-up window:
This update is recommended and no restart is needed
macOS Catalina Beta
10.15 - 6.45 GB
Your Adobe Flash Player may be out of date
The version of this plug-in on your computer might not include the latest security updates. Flash might not work until you download an update
Screenshots of the fake Adobe Flash Player installer promoted via Fake Software Update pop-up scam:
Instant automatic Mac malware removal:
Manual threat removal might be a lengthy and complicated process that requires advanced computer skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of Mac malware. Download it by clicking the button below:
- What is Fake Software Update pop-up?
- How to identify a pop-up scam?
- How do pop-up scams work?
- How to remove fake pop-ups?
- How to prevent fake pop-ups?
- What to do if you fell for a pop-up scam?
How to identify a pop-up scam?
Pop-up windows with various fake messages are a common type of lures cybercriminals use. They collect sensitive personal data, trick Internet users into calling fake tech support numbers, subscribe to useless online services, invest in shady cryptocurrency schemes, etc.
While in the majority of cases these pop-ups don't infect users' devices with malware, they can cause direct monetary loss or could result in identity theft.
Cybercriminals strive to create their rogue pop-up windows to look trustworthy, however, scams typically have the following characteristics:
- Spelling mistakes and non-professional images - Closely inspect the information displayed in a pop-up. Spelling mistakes and unprofessional images could be a sign of a scam.
- Sense of urgency - Countdown timer with a couple of minutes on it, asking you to enter your personal information or subscribe to some online service.
- Statements that you won something - If you haven't participated in a lottery, online competition, etc., and you see a pop-up window stating that you won.
- Computer or mobile device scan - A pop-up window that scans your device and informs of detected issues - is undoubtedly a scam; webpages cannot perform such actions.
- Exclusivity - Pop-up windows stating that only you are given secret access to a financial scheme that can quickly make you rich.
Example of a pop-up scam:
How do pop-up scams work?
Cybercriminals and deceptive marketers usually use various advertising networks, search engine poisoning techniques, and shady websites to generate traffic to their pop-ups. Users land on their online lures after clicking on fake download buttons, using a torrent website, or simply clicking on an Internet search engine result.
Based on users' location and device information, they are presented with a scam pop-up. Lures presented in such pop-ups range from get-rich-quick schemes to fake virus scans.
How to remove fake pop-ups?
In most cases, pop-up scams do not infect users' devices with malware. If you encountered a scam pop-up, simply closing it should be enough. In some cases scam, pop-ups may be hard to close; in such cases - close your Internet browser and restart it.
In extremely rare cases, you might need to reset your Internet browser. For this, use our instructions explaining how to reset Internet browser settings.
How to prevent fake pop-ups?
To prevent seeing pop-up scams, you should visit only reputable websites. Torrent, Crack, free online movie streaming, YouTube video download, and other websites of similar reputation commonly redirect Internet users to pop-up scams.
To minimize the risk of encountering pop-up scams, you should keep your Internet browsers up-to-date and use reputable anti-malware application. For this purpose, we recommend Combo Cleaner Antivirus for macOS.
What to do if you fell for a pop-up scam?
This depends on the type of scam that you fell for. Most commonly, pop-up scams try to trick users into sending money, giving away personal information, or giving access to one's device.
- If you sent money to scammers: You should contact your financial institution and explain that you were scammed. If informed promptly, there's a chance to get your money back.
- If you gave away your personal information: You should change your passwords and enable two-factor authentication in all online services that you use. Visit Federal Trade Commission to report identity theft and get personalized recovery steps.
- If you let scammers connect to your device: You should scan your computer with reputable anti-malware (we recommend Combo Cleaner Antivirus for macOS) - cyber criminals could have planted trojans, keyloggers, and other malware, don't use your computer until removing possible threats.
- Help other Internet users: report Internet scams to Federal Trade Commission.
▼ Show Discussion