Fake Flash Updates Being Used By Hackers to Hide Crypto-Mining Malware

Oct 14 2018

Reports from Palo Alto Networks, a cybersecurity firm, point out that cryptocurrency mining malware is being pushed onto the computers of unsuspecting users in the form of fake Flash updates. These fake updates borrow pop-up notifications from the official Adobe installer, convincing users that they are looking at a genuine update. The fake update first installs the miner and then updates Flash Player to the latest version, so that users don't suspect anything unusual.

Cryptojacking is among the most popular forms of cryptocurrency-related cybercrime, and this is the latest way hackers are spreading mining malware. Using various scripts and installers, hackers plant mining programs on victims' computers; those computers then spend their processing power mining cryptocurrency (typically Monero) and send the proceeds to wallet addresses controlled by the hackers.

Fake Flash updates have been used to push malware onto systems before. Hackers are getting smarter with time, however, and are making the malware stealthier than ever, which makes it hard to detect. Palo Alto Networks' Brad Duncan commented on this, saying:

“As early as August 2018, some samples impersonating Flash updates have borrowed pop-up notifications from the official Adobe installer. These fake Flash updates install unwanted programs like an XMRig cryptocurrency miner, but this malware can also update a victim’s Flash Player to the latest version.”

Once this cryptocurrency mining malware is installed on a user's computer, it begins mining, and the computer slows down because of the high level of resources the miner consumes. Users can observe an unusual process in Task Manager consuming a large share of the system's resources.

Palo Alto Networks observes that almost all of these fraudulent downloads had the string "flashplayer_down.php?clickid=" in the URL; 113 such samples have been detected since March 2018, showing a clear increase in this kind of attack. What makes it look even more genuine is that, after both the malware and the Adobe update have finished installing, a page from Adobe pops up on the user's computer thanking them for updating Flash Player.
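The URL string above is the one concrete indicator the report gives, and it is easy to hunt for in proxy or web-filter logs. The following is an added example, not code from the article or from Palo Alto Networks: a small Python scanner that reads proxy log lines, flags any request whose URL contains the indicator (case-insensitively, since attackers vary the casing), and, as an added heuristic of our own that goes beyond the report, also flags an executable with "flashplayer" in its path served from a host that is not under adobe.com. The log format and every sample line are constructed for illustration; the hostnames use the reserved `.test` domain and are not real infrastructure.

```python
"""Scan proxy log lines for fake Flash Player update downloads.

Added example for the article; not part of the Unit 42 report.
Log format is a hypothetical five-field layout:
    timestamp client_ip method url status
"""
from urllib.parse import urlparse

# Indicator quoted in the report: almost all fraudulent downloads carried this
# substring in the URL.
IOC_URL_SUBSTRING = "flashplayer_down.php?clickid="

# Constructed sample log lines (not real telemetry). Hosts under .test are
# invented; the adobe.com lines model legitimate Flash Player traffic.
SAMPLE_LOG = """\
2018-10-10T14:02:11Z 10.1.2.34 GET http://www.adobe.com/go/getflashplayer 200
2018-10-10T14:05:47Z 10.1.2.57 GET http://cdn-updates.test/flashplayer_down.php?clickid=a9f3 200
2018-10-10T14:06:02Z 10.1.2.57 GET https://fpdownload.adobe.com/get/flashplayer/current/licensing/win/install_flash_player.exe 200
2018-10-10T14:09:30Z 10.1.2.99 GET http://updates.test/FlashPlayer_Down.php?ClickID=77 200
2018-10-10T14:12:15Z 10.1.2.12 GET http://files.test/downloads/flashplayer_update.exe 200
"""


def parse_line(line):
    """Split one log line into a dict, or return None if it is malformed."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, client, method, url, status = parts
    return {"ts": ts, "client": client, "method": method, "url": url, "status": status}


def is_adobe_host(host):
    """True for adobe.com and any subdomain of it (e.g. fpdownload.adobe.com)."""
    host = host.lower()
    return host == "adobe.com" or host.endswith(".adobe.com")


def classify(url):
    """Return a reason string if the URL looks like a fake Flash update, else None.

    Rule 1 is the indicator from the report. Rule 2 is an added heuristic:
    a Flash-installer-looking .exe that is not hosted under adobe.com.
    """
    lowered = url.lower()
    if IOC_URL_SUBSTRING in lowered:
        return "known-ioc: flashplayer_down.php?clickid="
    parsed = urlparse(url)
    path = parsed.path.lower()
    host = parsed.hostname or ""
    if "flashplayer" in path and path.endswith(".exe") and not is_adobe_host(host):
        return "heuristic: flash installer from non-Adobe host"
    return None


def scan(log_text):
    """Return (client_ip, url, reason) for every suspicious request in the log."""
    hits = []
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        reason = classify(rec["url"])
        if reason is not None:
            hits.append((rec["client"], rec["url"], reason))
    return hits


if __name__ == "__main__":
    for client, url, reason in scan(SAMPLE_LOG):
        print(f"{client}  {reason}\n    {url}")
```

Run against the constructed log, the scanner flags two clients for the known indicator (one with mixed-case in the URL) and a third for the heuristic, while leaving the two genuine adobe.com downloads alone. Any client that hits the indicator is worth checking for a new XMRig process, since the page says the installer drops the miner before it updates Flash.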

Crypto-crime, and cryptojacking in particular, has been on the rise. Reports from earlier this year point out that Q2 2018 saw an 86% surge in cryptojacking attacks compared with Q1 2018, and cryptojacking overall has surged by over 450% (source: CCN) in 2018 compared with 2017. A recent report indicated that cryptojackers aren't making a lot of money, but the scale of their attacks makes them a considerable nuisance on compromised computers, since the mining eats into processing power.

Past high-profile cryptojacking incidents have hit websites of the Indian government, the UK government, and even Russia. The best way to stay protected against cryptojacking is to ensure that your web filters are strong and that your antivirus software is updated to the latest version; given the scheme described above, it also pays to ignore update prompts that appear on web pages and to download Flash Player only from Adobe's own site. And if your computer is slowing down, open Task Manager and check the Processes tab for abnormal activity.
