Hackers hide cryptocurrency mining malware in Adobe Flash updates

Cryptocurrency scammers have become more creative and are now hiding mining malware in legitimate Adobe Flash Player updates.

Researchers at the cybersecurity firm Palo Alto Networks discovered a fake Flash update program that has been in use since the beginning of August. While it claims to install a legitimate Flash update, the malicious file sneaks in a cryptocurrency mining bot called XMRig (which mines the privacy coin Monero).

Because the scam actually installs an authentic Flash update, the user is distracted from the deception. Many users may not know that their processor is running at full capacity, mining cryptocurrency on behalf of someone else.

What's going on?

When looking for fake Flash updates, the researchers discovered 113 file instances with the prefix "AdobeFlashPlayer" hosted on servers other than Adobe's.
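The indicator described above (a file named "AdobeFlashPlayer…" served from a non-Adobe host) can be checked against web proxy logs. This is an added example, not code from Palo Alto Networks or the original article; the log format, the list of Adobe domains and the sample lines are constructed assumptions.

```python
from urllib.parse import urlsplit, unquote

# Assumption: domains treated as Adobe-operated; adjust for your environment.
ADOBE_DOMAINS = ("adobe.com", "macromedia.com")
PREFIX = "adobeflashplayer"  # filename prefix reported in the article


def is_adobe_host(host):
    """True only for an Adobe domain or a real subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in ADOBE_DOMAINS)


def suspicious_flash_download(url):
    """Flag 'AdobeFlashPlayer*' files served from a non-Adobe host."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    # Decode percent-encoding so '%41dobeFlashPlayer' is still matched.
    filename = unquote(parts.path).rsplit("/", 1)[-1].lower()
    return filename.startswith(PREFIX) and not is_adobe_host(host)


def scan(log_lines):
    """Return (client, url) pairs for every suspicious download."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 3:
            continue  # skip malformed lines
        client, url = fields[1], fields[2]
        if suspicious_flash_download(url):
            hits.append((client, url))
    return hits


# Constructed sample proxy log: "<timestamp> <client-ip> <url>"
SAMPLE_LOG = [
    "2018-10-12T09:00:01Z 10.0.0.5 https://fpdownload.adobe.com/get/AdobeFlashPlayer_31.exe",
    "2018-10-12T09:01:17Z 10.0.0.8 http://updates.example/AdobeFlashPlayer__setup.exe",
    "2018-10-12T09:02:40Z 10.0.0.9 http://adobe.com.cdn.example/dl/AdobeFlashPlayer_update.exe",
    "2018-10-12T09:03:05Z 10.0.0.9 http://files.test/%41dobeFlashPlayer.exe",
    "2018-10-12T09:04:00Z 10.0.0.5 https://www.example/index.html",
]

if __name__ == "__main__":
    for client, url in scan(SAMPLE_LOG):
        print(f"ALERT {client} fetched {url}")
```

The suffix match on a leading dot is what keeps a lookalike host such as `adobe.com.cdn.example` from passing as Adobe.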

Palo Alto Networks believes that users are directed to these files via spoofed URLs. However, researchers have not been able to determine with certainty how victims reach these URLs in the first place.

Palo Alto Networks tested one of the fake URLs and found that, on the surface, there was no reason to suspect foul play. The web traffic, on the other hand, told a different story.

Once the file from the URL has downloaded and installed a legitimate Flash update, the mining bot connects to a Monero mining pool and goes to work.

Source: Palo Alto Networks Research Center.

As is usually the case with cryptocurrency mining malware, the victim's infected system is put to work without any reward. In this case, any mined Monero is sent to a single wallet.

Unfortunately, malware and crypto-attacks are not a new phenomenon, and once again Monero is the crooks' coin of choice.

Some research suggests that more than $250,000 worth of Monero is mined every month using illegal browser-based mining scripts.

Last month, the Monero community took on hackers using XMR in these types of illegitimate scams. The Monero Malware Response workgroup is attempting to combat the growing number of Monero-based hackers.

Let's hope the working group deals with it fairly quickly.

Hard Fork has contacted Adobe for comment; we will update this article as we learn more.

Posted on October 12, 2018 – 09:52 UTC
