Hackers hide cryptocurrency mining malware in Adobe Flash updates

Cryptocurrency scammers have gotten extra creative and are now hiding mining malware in legitimate updates of Adobe Flash Player.

Researchers from cybersecurity firm Palo Alto Networks discovered a fake Flash updater which has been doing the rounds since early August. While it claims to install a legitimate Flash update, the malicious file sneaks in a cryptocurrency mining bot called XMRig (which mines privacy coin Monero).

The fact the scam actually installs a genuine Flash update serves to distract the user from the deceitful goings-on. Many users may be unaware their CPU is now running at full tilt, mining cryptocurrency for someone else.

What’s going on?

While searching for fake Flash updates, the researchers uncovered 113 instances of files with the “AdobeFlashPlayer” prefix hosted on non-Adobe servers.

Palo Alto Networks believes users are directed to these files via spoof URLs. However, the researchers have not been able to confidently conclude how victims arrive at these URLs in the first place.

Palo Alto Networks tested one of the fake URLs and found nothing on the surface to suggest foul play; the resulting web traffic, on the other hand, told a different story.

After the URL downloads and installs a legitimate Flash update, the mining bot connects to a Monero mining pool and gets to work.
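The two observable traits the article describes, an "AdobeFlashPlayer"-prefixed file fetched from a non-Adobe host followed by the same machine opening a connection to a mining pool, can be turned into a simple web-proxy log check. The following is an added example written for this page, not code from Palo Alto Networks or from the article; the log lines are constructed, the hostnames are placeholder `.test` domains rather than real indicators, and the set of Stratum-style pool ports is an assumption a defender would tune to their own environment.

```python
import re
from urllib.parse import urlparse
from collections import defaultdict

# Constructed sample proxy log lines (not from the article).
# Format: timestamp client_ip method target status bytes
SAMPLE_LOG = """\
2018-08-14T10:01:02Z 10.0.0.5 GET http://get.adobe.com/flashplayer/download/ 200 5120
2018-08-14T10:02:10Z 10.0.0.7 GET http://updates.example-cdn.test/AdobeFlashPlayer_31.0.0.108_setup.exe 200 3145728
2018-08-14T10:02:45Z 10.0.0.7 CONNECT pool.example-xmr.test:3333 200 0
2018-08-14T10:03:00Z 10.0.0.9 GET http://fpdownload.adobe.com/get/flashplayer/pdc/31.0.0.108/install_flash_player.exe 200 2097152
2018-08-14T10:04:30Z 10.0.0.7 CONNECT pool.example-xmr.test:3333 200 0
2018-08-14T10:05:00Z 10.0.0.11 GET http://mirror.example.test/AdobeFlashPlayer_update.exe 200 2621440
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (GET|POST|CONNECT) (\S+) (\d{3}) (\d+)$")

# Adobe's own distribution domain: an AdobeFlashPlayer* download from anywhere else is suspicious.
LEGIT_ADOBE_SUFFIXES = ("adobe.com",)

# Assumption: ports commonly used by Stratum mining pools; tune to the local environment.
MINING_PORTS = {3333, 4444, 5555, 7777, 14444}


def parse_line(line):
    """Parse one proxy log line into a dict, or return None for lines that don't match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, client, method, target, status, nbytes = m.groups()
    return {"ts": ts, "client": client, "method": method, "target": target,
            "status": int(status), "bytes": int(nbytes)}


def is_adobe_host(host):
    """True only for adobe.com itself or a subdomain of it (not adobe.com.evil.test)."""
    host = host.lower()
    return any(host == s or host.endswith("." + s) for s in LEGIT_ADOBE_SUFFIXES)


def is_fake_flash_download(rec):
    """The article's first indicator: AdobeFlashPlayer-prefixed file served from a non-Adobe host."""
    if rec["method"] != "GET":
        return False
    url = urlparse(rec["target"])
    filename = url.path.rsplit("/", 1)[-1]
    return filename.startswith("AdobeFlashPlayer") and not is_adobe_host(url.hostname or "")


def is_mining_connect(rec):
    """The article's second indicator: a tunnelled connection to a mining-pool style port."""
    if rec["method"] != "CONNECT":
        return False
    _host, _, port = rec["target"].rpartition(":")
    return port.isdigit() and int(port) in MINING_PORTS


def analyze(log_text):
    """Correlate both indicators per client and return one alert per suspicious download source."""
    fake_downloads = defaultdict(list)
    mining = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if is_fake_flash_download(rec):
            fake_downloads[rec["client"]].append(rec["target"])
        elif is_mining_connect(rec):
            mining[rec["client"]].append(rec["target"])

    alerts = []
    for client, urls in fake_downloads.items():
        # A download alone is medium; a download followed by pool traffic from the same host is high.
        alerts.append({
            "client": client,
            "downloads": urls,
            "mining_connects": mining.get(client, []),
            "severity": "high" if client in mining else "medium",
        })
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert["severity"].upper(), alert["client"], alert["downloads"], alert["mining_connects"])
```

The correlation step matters more than either indicator alone: a Flash installer mirrored on a third-party CDN is unusual but not proof of anything, whereas that same client opening a Stratum-port connection minutes later matches the sequence the researchers observed.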