Crypto mining has become a very common way for hackers to earn a handsome income while putting victims’ devices at risk. Slow computers, rising electricity bills, and other issues result when a hacker has infiltrated a computer through a malicious link or software. A new type of crypto mining malware was found recently posing as an Adobe Flash update. Once installed, it pushes a Monero cryptocurrency miner onto the computer, handing its owner an increased electricity bill while the hacker enjoys the riches.
That Flash Update? It’s Fake
Unit 42, the threat intelligence team at Palo Alto Networks, identified new malware that started appearing in August. It looks like a typical Flash update from the official Adobe installer and fools users into believing that they are downloading a genuine update. Once the installation is done, the XMRig cryptocurrency miner, which is used to mine Monero, a privacy coin very commonly associated with the dark web, starts eating away at the computer’s resources.
Interestingly, the malware also updates the victim’s Flash Player to the latest version, which makes it appear more authentic. Victims are less likely to notice anything unusual because the fake update works fine while the miner runs in the background. The researchers noted that a Windows computer would issue a warning to users before running the downloaded update file. Therefore, users must be proactive and remove the file from their computer immediately.
A Spurt in Illegal Crypto Mining
In a previous report, Unit 42 suggested that 5 percent of Monero in circulation has been mined through malicious activities. Another security firm, McAfee, noted that illegal crypto mining increased by 629 percent in the first quarter of 2018 alone.
The researchers first noticed the malicious activity when they found Windows executable files whose names start with adobeFlashPlayer and that originated from non-Adobe, cloud-based servers. A common text string helped the researchers find 113 samples of malware since March 2018, two-thirds of which were crypto miners. The remaining samples had at least some characteristics similar to crypto miners.
Palo Alto Networks said that organizations with “decent web filtering” have a lower chance of infection. Thus, adopting proactive security measures is vital.
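As an added illustration (not code from Unit 42 or Palo Alto Networks), the Python example below applies the indicator described above to web proxy logs: it flags downloads of Windows executables whose names start with adobeFlashPlayer when the serving host is not an Adobe domain. The log layout, the domain allowlist, and every sample line are assumptions constructed for the example.

```python
from urllib.parse import urlsplit, unquote

# Assumed allowlist of vendor-owned download domains; adjust to your environment.
ADOBE_DOMAINS = ("adobe.com", "macromedia.com")
NAME_PREFIX = "adobeflashplayer"  # filename prefix reported in the article

def is_adobe_host(host):
    """True only for an allowlisted domain or a real subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in ADOBE_DOMAINS)

def suspicious_download(url):
    """Flag .exe files named AdobeFlashPlayer* that come from a non-Adobe host."""
    parts = urlsplit(url)
    # Decode %-escapes and ignore the query string before checking the name.
    filename = unquote(parts.path).rsplit("/", 1)[-1].lower()
    if not (filename.startswith(NAME_PREFIX) and filename.endswith(".exe")):
        return False
    return not is_adobe_host(parts.hostname)

def scan(log_lines):
    """Return (client, url) pairs for flagged requests.

    Assumed log layout: timestamp client method url status (space separated).
    """
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 4:
            continue  # skip malformed or truncated lines
        _ts, client, _method, url = fields[:4]
        if suspicious_download(url):
            hits.append((client, url))
    return hits

# Constructed sample log lines (not real indicators); *.example hosts are placeholders.
SAMPLE_LOG = [
    "2018-10-01T09:12:03Z 10.0.0.21 GET http://get.adobe.com/flashplayer/AdobeFlashPlayer_install.exe 200",
    "2018-10-01T09:14:47Z 10.0.0.35 GET http://bucket.cloud-storage.example/AdobeFlashPlayer__update.exe 200",
    "2018-10-01T09:15:10Z 10.0.0.35 GET http://adobe.com.downloads.example/f/adobeflashplayer%5Fsetup.exe?id=7 200",
    "2018-10-01T09:16:02Z 10.0.0.40 GET http://cdn.example/tools/reader.exe 200",
    "truncated line",
]

if __name__ == "__main__":
    for client, url in scan(SAMPLE_LOG):
        print(f"ALERT client={client} url={url}")
```

The suffix check on the host matters: a lookalike such as adobe.com.downloads.example contains the vendor name but is not an Adobe subdomain, so it is still flagged.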