How do I tell if the Flash Player Installer is a virus?
There's been a couple of trojans recently that imitate the Adobe Flash Player installer one of which is called OSX/flashback.A. (More info here) I've been wary of updating Adobe Flash Player due to this trojan. How do I tell if the installer is the real thing, or if it's just a trojan? Also, where does it come from? I'm pretty sure the DMG for the trojan downloaded automatically, opened the installer, and wanted me to install it.
I know that I can download the official installer from the Adobe website, and will probably do this. However, my questions remain.
Solution 1:
There are a couple easy ways to identify the trojan in it's current form (aside from downloading directly from Adobe or using AV software):
The trojan is an installer package that opens with Installer.app, the real installer is an application (it doesn't use Installer.app).
When run, the trojan installer looks like the screenshot of the trojan installer in the CNET article you linked to, the real installer looks like the screenshot of the real installer in that same article. (Screenshots reposted below.)
The trojan is found exclusively on sites that are not adobe.com, generally from malicious sites.
Legitimate Flash Player Installer:
Trojan Installer:
Solution 2:
If you want to be sure, grab the official installer from Adobe's website. http://get.adobe.com/flashplayer/
Solution 3:
From the start of 2021, Adobe no longer supports Flash Player and has blocked Flash content from running in Flash Player. Adobe strongly recommends all users immediately uninstall Flash Player to help protect their systems.
Consequently, it's now safe to assume that any Flash Player update you come across is malware.
https://www.adobe.com/uk/products/flashplayer/end-of-life.html