Many users and cybersecurity specialists have discovered that a special version of Flash for China has turned into adware.
As you know, at the beginning of 2021, support for Adobe Flash Player was finally discontinued. A special self-destructing code was pre-built into the software code, and starting from January 12, 2021, Adobe blocks the launch of any Flash content.
However, in China, Adobe has allowed local Zhong Cheng Network to continue Flash support, as it is still an important part of the local IT ecosystem and is widely used in both the public and private sectors. For example, at the beginning of the year, due to the termination of support for Flash, Chinese railway workers faced serious problems.
A special Chinese version of Flash is distributed through the flash[.]сn website and Minerva Labs recently discovered that it is insecure.
According to the researchers, in addition to Flash itself, other payloads also penetrate users’ machines. In particular, the application downloaded and launched the nt.dll file inside the FlashHelperService.exe process, which opens a new browser window at regular intervals and shows various sites with a lot of ads and pop-ups.
The suspicious behavior of this process was also noticed by Cisco Talos analysts, who noted that FlashHelperService.exe became one of the leading threats in January, and then in February.
Users noticed this problem too. Numerous complaints can already be found on the Adobe Support Forum, local blogs, and more.
Let me remind you that the Authorities of South Africa create their own browser to continue to use Flash.
