
November 10th, 2022 16:00

Is Adobe Flash back? - NO!

A malicious Chrome extension is circulating that pretends to be offering the latest update to Adobe Flash, even though Flash is no longer used and Microsoft issued a patch to remove it from Windows PCs because of all its unpatched security holes.

This malware extension actually installs the Cloud9 browser botnet into Chrome. Once installed, Cloud9 can:

  • Send GET/POST requests to get malicious resources.
  • Cookie stealing to compromise user sessions.
  • Keylogging to steal passwords among other things.
  • Layer 4 / Layer 7 hybrid attacks to perform DDoS attacks from the victim’s PC.
  • OS and browser detection for next stage payloads.
  • Open pop-unders to inject ads.
  • Execute JavaScript code from other sources to inject more malicious code.
  • Silently load webpages to inject ads or more malicious code.
  • Mine cryptocurrencies in the browser, using the victim’s computer resources to mine cryptocurrency.
  • Send browser exploits to take control of the device by executing malicious code.

Don't accept any offers to install or update Flash, and when you see this offer, it's probably a good idea just to exit Chrome immediately.

Read more from Zimperium zLabs
