Adobe's 'Partner' 2144 in China has suspicious malware actions in Flash Player distribution
1. Background
In Feb 2018, Adobe now distribute Adobe Flash Player in China with Partner 2144 (https://wwwimages2.adobe.com/content/dam/acom/cn/about-adobe/newsroom/pdfs/【媒体快讯】Adobe与214 4合作在中国大陆发行Flash%20Player_3.pdf ). But it seems that 2144 has some suspicious malware actions in Flash Player distribution. Previous discussion can be found in adobe forum, like:
https://forums.adobe.com/docs/DOC-9203
Now, it contains a new suspicious malware action: prompt advertisements using disguise mataintance service.
2. Problem detail: disguise mataintance service
When installing Adobe Flash Player 30 in 2144 distribution, it install a service named "Flash Helper Service". Description of "Flash Helper Service" says "Flash Player update assistant service…send anonymous usage to 2144…".
But In fact, this disguise mataintance service also prompt advertisements that user does not needed. This can be harmed to enterprise user.
Another user reported, if user disable this service, Flash player can not run:
http://bbs.ngacn.cc/read.php?tid=14168850&rand=384
In weibo, some users complain about 2144 distribution. A post pointed out that "Flash v30.0.0.113 seems lock region": http://weibo.com/5664614383/GkthLBSxp?refer_flag=1001030103_
3. Affected
All users in China using Adobe Flash Player by 2144 distribution
4. Suggestion
4.1 For customer
If needed, remove flash player and wait for Adobe reaction.
This action should be taken in enterprise in which need high security level.
4.2 For Adobe
It has been harmed to Adobe reputation. Adobe should revoke 2144 parentship.
Adobe should distribute Adobe Flash Player by own server, and provide clean offline Adobe Flash Player installation.
Jun 26, 2018 1:34 PM
