Latest Flash malware includes cryptocurrency mining software, but still updates Flash

Yes, Adobe Flash is still around, unfortunately, and that means it's still used as a way to target unknowing users with malware. As you'd expect, the latest malware to gain attention disguises itself as an update to Flash to trick users into installing malicious software. This time around, the malware is a cryptocurrency mining bot that uses system resources to mine for Monero. But there's an interesting twist: it actually does update the Flash software. Thanks, malware!

Discovered by researchers at the security firm Palo Alto Networks, the fake Flash updater has been making the rounds since August, presumably attempting to become the most considerate malware of the year. The researchers uncovered 113 instances of the fake updater, which installs the cryptocurrency miner XMRig.

In their testing on PCs running Windows 7, the researchers found that upon installing the fake updater, the operating system did present warnings about known software, but because of how authentic the updater looks, it's easy to see how victims could be fooled. Once installed, XMRig goes to work quietly generating the Monero currency in the background, but the updater also legitimately updates the Flash software to the latest version.

"It's likely to make the user think that nothing had gone wrong," said Palo Alto Networks' Ryan Olson. "Performing the update, and making the user think nothing bad had happened, goes hand in hand with the cryptomining business model." This is in contrast to something like ransomware, which Olson notes will be "in the user's face" in order to demand money in exchange for unlocking their files. "With cryptomining, you want that computer to keep running your software as long as possible."

Palo Alto Networks says it's not clear how many people could be affected by the fake Flash updater. The bad news is that those who have downloaded it are likely experiencing very noticeable system performance issues, but then again, at least their Flash is up to date.

SOURCE Palo Alto Networks
