Cyber Experts Uncover Cryptojacking Malware Concealed As Adobe Flash Updates
The Palo Alto Networks' Unit 42 team has determined that recent attacks masquerading as legitimate Flash updates have gotten more sophisticated, implementing the same popup notifications as legitimate Adobe software.
Malware mimics Adobe Flash
Cryptojacking malware hidden behind a fake Adobe Flash update poses a significant threat to unsuspecting victims.
The researchers released their findings in a report on the threats of crypto mining malware, published October 11.
Cryptojacking occurs when an attacker uses a malicious software program to gain access to another user’s computer. Instead of stealing credit card data or passwords, the hacker’s goal is to take control of the device and redirect the machine’s computing power to mine cryptocurrency.
All this happens silently and without a victim’s knowledge, running in the background for as long as possible until discovered.
The Palo Alto Networks intelligence team explains that the malware covertly forces a victim’s computer to mine Monero (XMR), a favorite for cryptojacking attacks due to its privacy features.
The team specializes in analyzing cyber threats and says that in this case, the malicious strain installs an “XMRig cryptocurrency miner,” which then runs silently in the background.
The malware differs from previous attempts in that it actually does update Adobe Flash Player to the latest version.
With this “legit” appearance, many victims are likely to keep it installed on their computers despite the typical warning about its unknown publisher.
According to the research team, fake Flash updates that push malware are, in most cases, not very stealthy. However, because this Flash update accomplishes what the user wants, “a potential victim may not notice anything out of the ordinary.”
Brad Duncan, reporting for the research center, wrote:
“This sample generated Adobe Flash installer popup windows and a Flash Player installation. An XMRig Cryptocurrency miner then worked in the background of my infected Windows host.”
The team at Palo Alto Networks says it identified 113 examples of malware while searching for “fake Flash updates.” Using its AutoFocus tool, the team was able to locate these files because their names started with AdobeFlashPlayer, although they originated from non-Adobe web servers.
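The hunting heuristic described above (installer names starting with AdobeFlashPlayer served from hosts that are not Adobe's) can be applied to ordinary web-proxy logs. The following is an added example, not code from the Unit 42 report; the log format, the sample lines and the trusted-domain allow-list are constructed assumptions.

```python
"""Flag Flash-installer downloads that do not come from an Adobe host.

Added example: applies the article's heuristic to constructed proxy log
lines. The log format and the allow-list below are assumptions.
"""
import posixpath
from typing import Dict, List
from urllib.parse import urlsplit

# Assumed allow-list: only this registered domain is treated as genuine Adobe.
TRUSTED_DOMAIN = "adobe.com"

# Constructed proxy log, one download per line: "<time> <client> <method> <url> <status>".
SAMPLE_LOG = """\
2018-10-11T09:12:01Z 10.0.0.5 GET https://fpdownload.adobe.com/get/flashplayer/pdc/AdobeFlashPlayer_31.exe 200
2018-10-11T09:14:22Z 10.0.0.7 GET http://update-cdn.example.net/files/AdobeFlashPlayer_update.exe 200
2018-10-11T09:15:03Z 10.0.0.7 GET http://update-cdn.example.net/img/logo.png 200
2018-10-11T09:16:40Z 10.0.0.9 GET https://mirror.example.org/dl/adobeflashplayer-setup.msi 200
"""


def host_is_trusted(host: str) -> bool:
    """True only for adobe.com itself or a real subdomain of it (not 'adobe.com.evil.example')."""
    host = host.lower().rstrip(".")
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)


def looks_like_flash_installer(url: str) -> bool:
    """True when the file name starts with AdobeFlashPlayer (any case) and is an installer."""
    name = posixpath.basename(urlsplit(url).path).lower()
    return name.startswith("adobeflashplayer") and name.endswith((".exe", ".msi"))


def find_suspicious_downloads(log_text: str) -> List[Dict[str, str]]:
    """Return the log entries whose file looks like a Flash installer but whose host is untrusted."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue  # skip malformed lines rather than crashing the sweep
        ts, client, _method, url, _status = parts[:5]
        host = urlsplit(url).hostname or ""
        if looks_like_flash_installer(url) and not host_is_trusted(host):
            hits.append({"time": ts, "client": client, "host": host, "url": url})
    return hits


if __name__ == "__main__":
    for hit in find_suspicious_downloads(SAMPLE_LOG):
        print(f"{hit['time']} {hit['client']} fetched Flash-named installer from {hit['host']}")
```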
CoinMiner used to mine Monero in most attacks
The report says that “77 malware samples are identified with a CoinMiner tag,” while another 36 share related tags with the other 77 executables.
The profitability of cryptojacking has driven an explosion of incidents involving crypto mining malware, which are surging in volume as hackers sink more resources into developing attacks around the world. According to a report by Cyber Alliance Threat, the attacks have risen by about 500 percent in 2018.
Privacy-centric coin Monero is the most popular digital asset mined in this manner, with almost five percent of its current supply said to have been mined via mining scripts.
A few weeks ago, another report indicated that cryptojacking incidents were on the rise in India, with attackers using government-run websites to mine Monero.
On October 11, Iran’s cybersecurity authority warned that cryptojacking attacks using Coinhive had their highest number of recorded incidents in Brazil, with India and Indonesia coming in second and third respectively.