Bitcoin Forum
Topic: PSA: Hackers Are Using Fake Flash Updates to Hide Cryptocurrency Mining Malware
Jvcki Waii (OP)
Newbie
Activity: 5
Merit: 0
October 13, 2018, 05:02:12 AM
 #1

It has been discovered that fake Adobe Flash updates are being used to surreptitiously install cryptocurrency mining malware on computers and networks, creating severe losses in time, system performance, and power consumption for affected users.

Cryptojacking Breaks New Ground
While fake Flash updates that push malware have traditionally been easy to spot and avoid, a new campaign has employed new tricks that stealthily download cryptocurrency miners on Windows systems.

Writing in a post exposing the scheme, Unit 42 threat intelligence analyst Brad Duncan said:

“As early as August 2018, some samples impersonating Flash updates have borrowed pop-up notifications from the official Adobe installer. These fake Flash updates install unwanted programs like an XMRig cryptocurrency miner, but this malware can also update a victim’s Flash Player to the latest version.”

The implication of this unpleasant scenario is that a potential victim may not notice anything out of the ordinary while an XMRig cryptocurrency miner or other unwanted program is quietly running in the background of the victim’s Windows computer. This miner software could potentially slow down the processor of the victim’s computer, damage the hard drive, or extract confidential data and transmit it onto other digital platforms without the victim’s consent.

Technical Details of Fake Adobe Update Cryptojacking Malware
Duncan explained that it was not very clear how potential victims were arriving at the URLs delivering the fake Flash updates; however, network traffic during the infection process has been primarily related to fraudulent Flash updates. Interestingly, the infected Windows server generates an HTTP POST request to [osdsoft[.]com], a domain affiliated with updaters or installers pushing cryptocurrency miners.

He said that while the research team searched for certain particular fake Flash updates, it observed some Windows executable files with names starting with Adobe Flash Player from non-Adobe, cloud-based web servers. These downloads usually had the string “flashplayer_down.php?clickid=” in the URL. The team also found 113 examples of malware meeting these criteria since March 2018 in AutoFocus. 77 of these malware samples are identified with a CoinMiner tag in AutoFocus. The remaining 36 samples share other tags with those 77 CoinMiner-related executables.

Duncan encouraged Windows users to be more cautious about the kind of Adobe Flash updates that they try to install, stating that while the Adobe pop-up and update features make the fake installer seem more legitimate, potential victims will still receive warning signs about running downloaded files on their Windows computer.

In his words:

“Organizations with decent web filtering and educated users have a much lower risk of infection by these fake updates.”

CCN recently reported that a report from McAfee labs showed that cryptojacking surged 86 percent in the second quarter of 2018, and is up 459 percent in 2018 so far over the whole of 2017.
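
The network indicators quoted in the post above, turned into a proxy-log check. This is an added example, not part of the original post or of the Unit 42 write-up; the log line format, the `example.net` host and the list of Adobe-owned host suffixes are assumptions.

```python
from urllib.parse import urlsplit, unquote
import posixpath

# Indicators quoted in the post (domain kept defanged in source, refanged for matching).
URL_MARKER = "flashplayer_down.php?clickid="
POST_DOMAIN = "osdsoft[.]com".replace("[.]", ".")
ADOBE_SUFFIXES = ("adobe.com", "macromedia.com")  # assumption: hosts treated as legitimate

def _host_in(host, suffixes):
    return any(host == s or host.endswith("." + s) for s in suffixes)

def classify(method, url):
    """Return the names of the indicators that a single request matches."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    hits = []
    if URL_MARKER in url.lower():
        hits.append("fake_flash_download_url")
    if method.upper() == "POST" and _host_in(host, (POST_DOMAIN,)):
        hits.append("post_to_miner_installer_domain")
    name = posixpath.basename(unquote(parts.path)).lower()
    squashed = name.replace(" ", "").replace("_", "").replace("-", "")
    if (squashed.startswith("adobeflashplayer") and name.endswith(".exe")
            and not _host_in(host, ADOBE_SUFFIXES)):
        hits.append("flash_named_exe_from_non_adobe_host")
    return hits

def scan(log_lines):
    """Parse 'timestamp client method url' lines; return (client, url, hits) per match."""
    findings = []
    for line in log_lines:
        fields = line.split(maxsplit=3)
        if len(fields) == 4:  # skip malformed lines
            hits = classify(fields[2], fields[3])
            if hits:
                findings.append((fields[1], fields[3], hits))
    return findings

# Constructed sample proxy log; the last line is a legitimate Adobe download and must not match.
SAMPLE_LOG = [
    "2018-10-01T10:00:01Z 10.0.0.5 GET http://files.example.net/flashplayer_down.php?clickid=abc123",
    "2018-10-01T10:00:03Z 10.0.0.5 GET http://files.example.net/dl/AdobeFlashPlayer_setup.exe",
    f"2018-10-01T10:00:09Z 10.0.0.5 POST http://{POST_DOMAIN}/",
    "2018-10-01T10:05:00Z 10.0.0.7 GET https://get.adobe.com/flashplayer/AdobeFlashPlayer_install.exe",
]

if __name__ == "__main__":
    for client, url, hits in scan(SAMPLE_LOG):
        print(client, url.replace(".", "[.]"), hits)  # defang URLs in output
```

Three matches from the same client within a few seconds, as in the sample, correspond to the download-then-POST sequence the post describes.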
nsson8e
Newbie
Activity: 28
Merit: 0
October 15, 2018, 03:17:49 AM
 #2

That sounds scary. There is no alternative to using a trusted internet security protocol. These fake updates or any other threats can be filtered out by the internet security.
authpaperICO
Copper Member
Newbie
Activity: 15
Merit: 1
October 15, 2018, 04:40:39 AM
 #3

Just like how to prevent malware, just download things from the places you trust. Even better, do not use Flash.
Kakmakr
Legendary
Activity: 3444
Merit: 1958
October 15, 2018, 05:45:26 AM
 #4

Any anti-virus software with proper web filtering will stop the malware infection, but you should adhere to the warnings when it prompts you for actions. I update Adobe manually when it starts asking for updates, and do not simply follow the links provided via the popups, to be safe.

Also, even if you bypassed the warnings and you installed from the URL provided, then the anti-virus should flag the executable being installed. This is why your AV should be updated at all times, to detect these infections.
Rufuspetersko
Newbie
Activity: 24
Merit: 0
October 15, 2018, 12:03:18 PM
 #5

The hackers are really finding new ways every day to hack into any personal account, so yours might also be true. The investors have nothing else to do except for being cautious. They might also use anti-malware and anti-virus to protect their PC, account and personal data.
Angie Vasquez
Newbie
Activity: 26
Merit: 0
October 15, 2018, 12:23:09 PM
 #6

Using a false Flash update as a cover to do hidden mining is not a new thing for the hackers. An up-to-date anti-virus and firewall should be able to prevent this kind of hacking. An ad-blocker on the browser is another option that can help in this situation.
BitBustah
Hero Member
Activity: 1218
Merit: 534
October 15, 2018, 12:39:43 PM
 #7

A smart hacker wouldn't waste their time on mining malware. They could make a lot more money through other attack vectors. I guess some people just want to watch the world burn. Well, if you notice your PC running extra slow there may be a secret miner installed. Make sure you always have the latest antivirus software updates installed.
bitfocus
Member
Activity: 532
Merit: 15
October 15, 2018, 01:19:31 PM
 #8

That's kinda scary! But these are not top-notch hackers, they won't waste time on mining malware, which is more dangerous as these cheap crackers have no ethics.
Aidenpeters
Newbie
Activity: 32
Merit: 0
October 15, 2018, 03:16:41 PM
 #9

Well, miners should pay more attention to every detail about mining malware. The miner software could potentially slow down the processor of the victim's computer, damage every detail. It causes a huge harm to cryptocurrency miners.
Flying BTC
Newbie
Activity: 20
Merit: 0
October 15, 2018, 03:27:34 PM
 #10

Crypto mining malware you can find with the soft called Avast or Comodo, here are links https://antivirus.comodo.com/blog/comodo-news/detect-remove-bitcoin-miner-virus/ and https://blog.avast.com/protect-yourself-from-cryptojacking
silent17
Full Member
Activity: 420
Merit: 119
October 15, 2018, 03:58:50 PM
 #11

I hope that the authorities can handle this kind of hacker.
Or perhaps all antivirus software can detect this kind of issue.
Can't we call the attention of all antivirus companies to address this issue? Especially Adobe.
pawanjain
Hero Member
Activity: 2688
Merit: 715
October 15, 2018, 04:06:00 PM
 #12

Good to bring awareness to the people. It has become really easy for people to inject crypto miners into users' computers.
Using good antivirus may keep you safe from such miners, but it is always safer to be aware of what your system is doing in the background.
It's easy for geeks to identify what's fishy in their computers, but the noobs are the ones who get affected by such malware.
This is why I advise people to learn more about computers, as I see the future lies in technology and computers and one must know how to tackle such problems.
Antinomist
Newbie
Activity: 42
Merit: 0
October 15, 2018, 05:47:20 PM
 #13

Cryptojacking has been a real concern for a while. Mining tools are being pushed through fake updates. People are advised to properly investigate before downloading or updating through certain websites.
Symptomatic
Newbie
Activity: 42
Merit: 0
October 15, 2018, 05:47:46 PM
 #14

Adobe Flash Player is one of the most used pieces of software globally; it is sad to hear about these mining scripts in the fake updates. Not only software, many sites also use this kind of hack; it is high time to stop this.
Thinkable999
Newbie
Activity: 40
Merit: 0
October 15, 2018, 05:48:21 PM
 #15

This is pathetic. I don't use any Adobe software, not even Flash. But a lot of people use it and they will be prone to such hacks. Also, a lot of websites run some scripts for mining the moment you visit their website. We need to be more careful than ever.
dothebeats
Legendary
Activity: 3654
Merit: 1353
October 15, 2018, 05:50:56 PM
 #16

I've been seeing random pop-up messages that tell me to update the Flash player even though I have the latest one. Also, this usually happens on ad-infested sites that don't give a shit for their users as long as they profit. I'd rather not click okay on these pop-ups and whenever necessary, I'll turn on my ad blockers since these are your primary line of defense against such, secondary would be your own AV at your machine.

A similar exploit was also uncovered back in 2015, wherein a downloaded script unbeknownst to the user would change the addresses on the clipboard to a certain one. It's quite funny that hackers are degrading into scumbags in this field, resorting to crypto mining malware rather than focusing on the big stuff--not that I'm complaining but even they have their wits put to something shit.
Itcher
Full Member
Activity: 364
Merit: 100
October 15, 2018, 10:01:08 PM
 #17

In the world of cryptocurrencies you need to be very careful; the dangers from hackers can be everywhere. Carefully recheck everything or risk losing all your money.