Google alerts abused to deliver fake Adobe Flash updater


Security researchers warn that the threat actors are misusing Google Alerts to promote a fake Adobe Flash Player updater that installs other unwanted programs on the users’ computers.

Google Alerts is a content change detection and notification service which sends emails to the user when it finds new results like web pages, blogs etc. that match the user’s search terms.

The threat actors create fake stories with titles containing popular keywords which are indexed by Google Search. After indexing, Google Alerts will alert people who are following those keywords.

When a user visits the fake stories using a Google redirect link, he will be redirected to the threat actor’s malicious site. On visiting the fake story’s URL directly, the website however shows that the page does not exist.

The fake stories are redirecting users to web pages by pushing browser notification spam, unwanted extensions, or fake giveaways.

The latest of this campaign included the fake news stories stating that your Flash Player is outdated and then prompts you to install an updater.

The Adobe Flash Player has already stopped and is no longer supported by any browsers. But many people may not realize this and click on the ‘Update’ button thinking they are installing the latest update.

When a user clicks on the Update button, they will download a setup.msi file that installs a potentially unwanted program called ‘One Updater.’

This One Updater will display updates that should be installed and offer potentially unwanted programs.

As of now, One Updater was not found pushing anything malicious but similar software were found installing password-stealing Trojans and cryptocurrency miners in the past.

If you are redirected to a website, either through Google Alerts, Google Search, or any other means and are prompted to install an extension or program update, simply close the browser as installing these programs only leads to malicious activity.


Please enter your comment!
Please enter your name here