Hackers hide cryptocurrency mining malware in Adobe Flash updates

mining malware

Crypto scammers have gotten extra creative and are now hiding cryptocurrency mining malware in legitimate updates of Adobe Flash Player.

Researchers from cybersecurity firm Palo Alto Networks discovered a fake Flash updater which has been doing the rounds since early August. While it claims to install a legitimate Flash update, the malicious file sneaks in a cryptocurrency mining bot called XMRig (which mines privacy coin Monero).

The fact the scam actually installs a genuine Flash update serves to distract the user from the deceitful goings-on. Many users may be unaware their CPU is now running at full tilt, mining cryptocurrency for someone else.

What’s going on with cryptocurrency mining malware?

While searching for Fake flash updates, the researchers uncovered 113 instances of files with the “AdobeFlashPlayer” prefix hosted on non-Adobe servers.

Palo Alto Networks believes users are directed to these files via spoof URLs. However, the researchers have not been able to confidently conclude how victims arrive at these URLs in the first place.

Palo Alto Networks tested one of the fake URLs and found that there would be no reason to suspect any foul play: the web traffic, on the other hand, told a different story.

After the URL downloads and installs a legitimate Flash update the mining bot connects to a Monero mining pool and gets to work.

cryptocurrency mining malware

As is usually the case with cryptocurrency mining malware, the victim’s infected system does all the heavy lifting with no reward. In this case, any mined Monero is redirected to a single wallet.

crypto monero wallett

Sadly, cryptocurrency mining malware and crypto jacking is not a new phenomenon; and yet again Monero is the coin of choice for the scammers.

Some research has suggested over $250,000 of Monero is mined through illegitimate browser-based mining scripts every month.

Last month the Monero community hit out at the hackers using XMR in these types of illegitimate scams. The Monero Malware Response Workgroup is trying to combat the growing number of Monero-based hacks.

Let’s hope the workgroup gets to work on this one pretty swiftly.

Author:  Matthew Beedham

Leave a Reply