Hackers hide cryptocurrency mining malware in Adobe Flash updates

Cryptocurrency scammers have gotten extra creative and are now hiding mining malware in legitimate updates of Adobe Flash Player.
Researchers from cybersecurity firm Palo Alto Networks discovered a fake Flash updater which has been doing the rounds since early August. While it claims to install a legitimate Flash update, the malicious file sneaks in a cryptocurrency mining bot called XMRig (which mines privacy coin Monero).
The fact the scam actually installs a genuine Flash update serves to distract the user from the deceitful goings-on. Many users may be unaware their CPU is now running at full tilt, mining cryptocurrency for someone else.

What’s going on?

While searching for Fake flash updates, the researchers uncovered 113 instances of files with the “AdobeFlashPlayer” preffix hosted on non-Adobe servers.
Palo Alto Networks believes users are directed to these files via spoof URLs. However, the researchers have not been able to confidently conclude how victims arrive at these URLs in the first place.
Palo Alto Networks tested one of the fake URLs and found that there would be no reason to suspect any foul play: the web traffic, on the other hand, told a different story.
After the URL downloads and installs a legitimate Flash update the mining bot connects to a Monero mining pool, and gets to work.

hackers hide cryptocurrency mining malware in adobe flash updates
Source: Research Center, Palo Alto Networks.

As is usually the case with cryptocurrency mining malware, the victim’s infected system does all the heavy lifting with no reward. In this case, any mined Monero is redirected to a single wallet.

hackers hide cryptocurrency mining malware in adobe flash updates 1
Source: Research Center, Palo Alto Networks

Sadly, cryptocurrency mining malware and cryptojacking is not a new phenomenon; and yet again Monero is the coin of choice for the scammers.
Some research has suggested over $250,000 of Monero is mined through illegitimate browser-based mining scripts every month.
Last month the Monero community hit out at the hackers using XMR in these types of illegitimate scams. The Monero Malware Response Workgroup is trying to combat the growing number of Monero-based hacks.
Let’s hope the workgroup gets to work on this one pretty swiftly.
Source: The Next Web
To Read Our Daily News Updates, Please Visit Inventiva Or Subscribe Our Newsletter & Push.

See also  New Russian malware mines different cryptocurrency based on your system

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button

Adblock Detected

Please consider supporting us by disabling your ad blocker