The security researchers at cybersecurity firm Palo Alto Networks have discovered that a fake Flash updater has been circulating the web and fooling the computer users since August. The fake updater installs files to sneak a cryptocurrency mining bot called XMRig, which mines for Monero.
When the fake updater is installing the XMRig malware, it is also updating the user’s Flash. The attackers want the users to think that nothing is wrong with their system and that the mining continues in the background.
The researchers were able to identify the fake Flash updater while they were searching the internet and found Windows executable files starting with AdobeFlashPlayer from non-Adobe, cloud-based web servers. The search results included 113 examples of malware.
The research team ran tests on Windows 7 Service Pack 1 and found that the operating system gave a warning about downloading software from unknown publishers. Since the malware looked so legitimate it is possible that victims would have clicked yes and carried out the installation process.
Besides computers, the networks are also target of the fake Adobe Flash updates. Researchers believe it to be an evolved form of cryptojacking and Flash updating, which are two of the most common techniques of launching cyber-attacks, since it combines the two attacks in a single package.
During the crypto boom late last year, it wasn’t just hackers trying to damage citizen computers for financial gain but also the websites. Certain Starbucks websites and The Pirate Bay were found to be feeding off the processing power of its users to make some extra crypto on the side. And whenever there’s money to be made, bad actors will try and find uncertain ways to scam people for cash.