Beware of fake Flash updates – they could be Monero miners

Researchers are warning that they have discovered fake Flash updates – often the source of malware affecting computers – that are primed to drop XMR-mining crypto-jacking software onto victims’ devices.

A blog post from Palo Alto Networks’ Brad Duncan tells of how the phoney Flash installer utilises the same pop-up windows customers would expect from official Adobe installers, making them difficult to spot. Should duped users then go through the install process, they’ll be burdened with extra software looking to use their spare CPU cycles for mining crypto. When users

This software, XMRig being a prime example, is installed alongside a genuine version of Adobe’s Flash Player to further hide what’s really going on, Duncan says. The researcher notes that this ups the stealth level of the malware considerably, as the installer ultimately does what the user expects after delivering the nefarious portion of its payload.

Crypto-jacking has proved to be one of the more popular cyberscams of 2018, having first exploded along with the value of many cryptocurrencies during 2017. Ironically, this news comes not long after the cryptocurrency in question here, Monero, announced its intention to clamp down on its use in such scams following the explosion in their prevalence.

In announcing a new website to educate people on how to deal with mining malware, Justin Ehrenhofer – director of the crypto’s malware response workgroup – managed to deliver both an explanation and an advert for Monero to CCN. Specifically, he noted:

“Attackers like Monero for two reasons: 1) it is private, so they do not need to worry about companies and law enforcement tracing what they do with the Monero after they mine it, and 2) Monero uses a Proof of Work (PoW) algorithm that is CPU and GPU-friendly; thus, the infected machines are competitive.”

Which is as good a dual-use bit of PR as we’ve heard in a while. So well done team Monero for that sneaky plug.