These days the majority of web content is powered using HTML5, although there are still some websites that are holding out and are still relying on Adobe’s Flash Player. This is something that scammers seem to be aware of and are taking advantage of it as well, according to a report from security firm Confiant (via Tom’s Guide) where it was recently discovered that at least 1 million Mac computers are exposed to this malvertising scam.
According to the security firm, this scam relies on malicious ads that trick users into updating their Flash Player, when it in reality it actually installs a downloader called Shlayer that will expose these computers to malware. The scam has managed to evade some scanners by loading the ad normally, but then pulls in malicious content from an online data repository.
The problem is that quite a few malware scanners are actually unaware of this and as such allows the scam to evade their detection. However it has been pointed out that some of the larger apps such as Avast and AVG do, but there are dozens of other smaller scanners that do not.
To avoid potentially getting infected, you should probably ignore any popup that asks you to update your Flash Player. If you’d like to double check you can just head directly to Adobe’s website to get the latest version manually. In the meantime Google has announced that later this year, they will be disabling Flash Player completely in Chrome, while Adobe had previously announced that they would be ceasing development on the application by the end of 2020.