- Cryptojacking malware masquerades as an update for Flash software.
- Unit 42 says about 5 percent of Monero is mined through malicious activity.
- Users are advised to avoid downloading software updates from unknown sources.
Things are not always what they seem: the unauthorized cryptocurrency mining (cryptojacking) crooks are back with a vengeance, and this time the approach is more insidious. The felons are trying to spread cryptojacking malware to unsuspecting victims by disguising it as an update for Flash software.
Camouflaging as Adobe Flash Updates
An October 11, 2018 report by Palo Alto Networks’ research group, Unit 42, gives details of a new scheme in which attackers camouflage their malware as genuine Adobe Flash updates. Their intention is to stealthily install unapproved cryptocurrency mining software on innocent victims’ computers.
The report by Unit 42 states that the counterfeit updaters are craftier than anything they have experienced before. Palo Alto’s Threat Intelligence Analyst Brad Duncan commented:
“This campaign uses legitimate activity to hide distribution of cryptocurrency miners and other unwanted programs.”
The research group suspects this illegal mining operation has been running since August this year, with activity peaking in September. The scam, which pops up as a genuine Flash update, has been tricking prospective victims into unintentionally downloading an XMRig cryptocurrency miner. The malware operates in the background and uses the processing power of the infected computer, behind the owner’s back, to mine Monero for the hackers.
The researchers at Palo Alto discovered the fake Flash Update campaign while searching for Windows executable file names beginning with “AdobeFlashPlayer” served from non-Adobe, cloud-based web servers. The sham updaters reach victims’ systems through pop-up windows, and the chance that victims download them is increased by their looking exactly like the authentic brand.
Victims who click through to download the “update” get a warning that they are about to install software from an unknown publisher. While this should ordinarily be a red flag, most people will ignore the warning. Once it is ignored, the cryptocurrency miner secretly enters the system, with no further warning about what else has been installed.
The stealth miner is also designed to download the real Flash Player update from Adobe, showing the genuine installer windows, and ultimately leads the unsuspecting user to a page that congratulates them on installing Flash Player.
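The hunting heuristic described above (executables named “AdobeFlashPlayer…” fetched from non-Adobe hosts) can be run over web-proxy logs. The following is an added example, not code from Unit 42 or the original article; it assumes a simple constructed log format of “timestamp client method url status” and treats only adobe.com and macromedia.com hosts as legitimate sources.

```python
import re
from urllib.parse import urlsplit

# Assumption: only these Adobe-owned domains are expected to serve a Flash installer.
LEGITIMATE_HOSTS = ("adobe.com", "macromedia.com")

# Constructed sample proxy log lines (not real traffic) in
# "timestamp client method url status" form.
SAMPLE_LOG = """\
2018-09-12T10:01:03Z 10.0.0.15 GET https://fpdownload.adobe.com/get/flashplayer/AdobeFlashPlayer_31.exe 200
2018-09-12T10:02:41Z 10.0.0.22 GET https://cdn.example-cloud.invalid/dl/AdobeFlashPlayer_31.exe 200
2018-09-12T10:03:09Z 10.0.0.22 GET https://www.example.org/index.html 200
2018-09-12T10:04:55Z 10.0.0.31 GET http://files.hosting.invalid/AdobeFlashPlayer_installer.exe 200
"""

# File names the fake updaters used: "AdobeFlashPlayer" prefix, Windows executable.
FILENAME_RE = re.compile(r"^AdobeFlashPlayer.*\.exe$", re.IGNORECASE)


def is_legitimate_host(host):
    """True if host is one of the allowlisted domains or a subdomain of one."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in LEGITIMATE_HOSTS)


def parse_line(line):
    """Split one log line into its fields; return None for malformed lines."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, client, method, url, status = parts
    return {"ts": ts, "client": client, "method": method, "url": url, "status": status}


def suspicious_flash_downloads(log_text):
    """Return (client, host, filename) for Flash-named executables from non-Adobe hosts."""
    hits = []
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        parsed = urlsplit(rec["url"])
        filename = parsed.path.rsplit("/", 1)[-1]
        if FILENAME_RE.match(filename) and not is_legitimate_host(parsed.hostname or ""):
            hits.append((rec["client"], parsed.hostname, filename))
    return hits


if __name__ == "__main__":
    for client, host, filename in suspicious_flash_downloads(SAMPLE_LOG):
        print(f"{client} downloaded {filename} from non-Adobe host {host}")
```

Because the malware also fetches the genuine updater from Adobe afterwards, a legitimate adobe.com download from the same client does not clear an earlier flagged download; it is the non-Adobe source of the first executable that matters.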
Measures Undertaken to Counter Cryptojacking
Monero recently announced the launch of the Malware Response Workgroup, a team set up to help combat the rampant scams and attacks targeting the Monero community. Unit 42 is on record saying about 5 percent of Monero is mined through malicious activity.
Cryptojacking attacks are common, and users are advised to avoid downloading software updates from unknown sources so as not to fall victim. Duncan said:
“One should not install software provided by an unexpected window/web page that appears during routine browsing, no matter how convincing it may seem.”