The IT security researchers at Palo Alto Networks has identified that a fake Flash updater is circulating the web and fooling computer users by sneakily cryptocurrency mining bot XMRig. In the past few months, researchers have identified 113 fake updaters installing cryptomining on targeted devices.

The notorious updater is actively attacking computers since August and the CPUs are being exploited for mining Monero, a well-known privacy-focused crypto-currency.

“As early as August 2018, some samples impersonating Flash have borrowed pop-up notifications from the official installer. These fake Flash install unwanted programs like an XMRig cryptocurrency miner, but this malware can also update a ’s Flash Player to the latest version,” said Unit 42 threat intelligence analyst Brad Duncan.

Fake Adobe updates installing cryptomining malware while updating Flash  - fake flash update cryptomining malware 2 - Fake Adobe updates installing cryptomining malware while updating Flash

Not only computers, but networks are also potential targets of the fake Adobe Flash updates. The updater infects the system with cryptomining malware apart from the Flash installed on the computer in order to evade detection.

Researchers believe it to be an evolved form of cryptojacking and Flash updating, which are two of the most common techniques of launching cyber attacks, since it combines the two attacks in a single package.

As soon as the XMRig bot is installed it leeches out for your computer’s resources to mine for Monero and then places a real Flash update on the system. This is done to prevent the user from suspecting foul play.

Furthermore, by updating the Flash, the attackers want users to believe that nothing is wrong with the system, so that the mining continues. The primary objective of attackers is to ensure that the system keeps on mining for the cryptocurrency, and this is only possible when users don’t suspect anything.

“With an attack like ransomware, you’re going to be in the user’s face. Within a few minutes, you’re going to have their files, you’re going to have a pop-up saying, ‘Hey, I stole your , you need to pay me money.’ But with cryptomining, you want that computer to keep running your software as long as possible.”

Researchers at Palo Alto Networks were able to identify fake Flash updater while surfing the and found Windows executable files bearing the title AdobeFlashPlayer. That’s why, security recommend users to always browse cautiously.

Fake Adobe updates installing cryptomining malware while updating Flash  - fake flash update cryptomining malware 4 - Fake Adobe updates installing cryptomining malware while updating Flash

Monero wallet number identified by researchers

When the files were tested on Windows 7 Service Pack 1, the OS showed a warning about the software being unauthentic, which showed that the attackers lacked sophistication. However, users cannot detect that the software is unreliable since it’s been packaged too well to look genuine.

“Organizations with decent web filtering and educated users have a much lower risk of infection by these fake updates,” concluded Duncan.

There is no particular indication about the number of affected users, since Palo Alto Networks has only identified 113 instances so far, and they believe the number could be higher. Therefore, it’s difficult to quantify the extent of an impact as yet. Researchers are also concerned that by combining two malicious attacking techniques, attackers have expanded the scope of cryptojacking.



Source link
Based Blockchain Network

LEAVE A REPLY

Please enter your comment!
Please enter your name here