Cryptojacking malware disguised as Flash update making its rounds
As cryptocurrency continues to gain favor around the world, the amount of malicious activity surrounding the digital currency has risen as well. Over the course of this year, there has reportedly been an increase of 500% in the number of cryptojacking malware applications found circulating on the Internet and infecting computers. The latest example went to great lengths to fool users.
According to Unit 42, the research arm of Palo Alto Networks, new cryptojacking malware disguised as a legitimate Adobe Flash update is in the wild. The update looks and acts like a legitimate one and will even update the software through Adobe, strengthening the impression that it is genuine. However, the updater also carries an application called the "XMRig cryptocurrency miner" that installs itself on the target machine and then begins covertly mining the Monero (XMR) cryptocurrency.
According to Unit 42 analyst Brad Duncan, "In most cases, fake Flash updates pushing malware are not very stealthy. In recent years, such imposters have often been poorly-disguised malware executables or script-based downloaders designed to install cryptocurrency miners, information stealers, or ransomware. If a victim runs such poorly-disguised malware on a vulnerable Windows host, no visible activity happens, unless the fake updater is pushing ransomware.
"However, a recent type of fake Flash update has implemented additional deception. As early as August 2018, some samples impersonating Flash updates have borrowed pop-up notifications from the official Adobe installer. These fake Flash updates install unwanted programs like an XMRig cryptocurrency miner, but this malware can also update a victim’s Flash Player to the latest version."
XMR has been a favorite target of cryptojacking malware programs. Some reports have indicated that as much as 5% of the XMR in circulation today was mined through malware.