Flash version distributed in China after EOL is installing adware

Support for the Adobe flash player program was discontinued by the Adobe company in 2020, but we know that it is still being used in China. It is possible to use the program in China through flash.cn, which is managed by a company called Zhong Cheng Network. Currently, this Chinese version of the legacy Flash Player application is only authorized by Adobe to distribute Flash within China.

According to a report by Minerva Labs, multiple security issues have emerged related to the Chinese version of Flash Player. Later, when they deepened their analysis, they observed that the Flash Player version installed a real version, but installed many additional programs as well as the program.

More precisely, the application creates a problem that loads within the FlashHelperService.exe program and periodically opens a new browser window, showing various ad- and pop-up-heavy sites. It was downloading and running nt.dll without permission.

The fact that Flash started showing pop-ups without permission has bothered many users. Blogs about this issue have been shared on the Adobe forums. Also, Minerva Labs, as well as other security firms, have confirmed this issue.

This issue does not affect other users outside of China as the version of Flash they downloaded from flash.cn does not work on systems outside of China, but we recommend that other users not try to test it.