
PSA: Hackers Are Using Fake Flash Updates to Hide Cryptocurrency Mining Malware


It has been discovered that fake Adobe Flash updates are being used to surreptitiously install cryptocurrency mining malware on computers and networks, creating severe losses in time, system performance, and power consumption for affected users.

Cryptojacking Breaks New Ground

While fake Flash updates that push malware have traditionally been easy to spot and avoid, a new campaign has employed new tricks that stealthily download cryptocurrency miners on Windows systems.

Writing in a post exposing the scheme, Unit 42 threat intelligence analyst Brad Duncan said:

“As early as August 2018, some samples impersonating Flash updates have borrowed pop-up notifications from the official Adobe installer. These fake Flash updates install unwanted programs like an XMRig cryptocurrency miner, but this malware can also update a victim’s Flash Player to the latest version.”

The implication of this unpleasant scenario is that a potential victim may not notice anything out of the ordinary while an XMRig cryptocurrency miner or other unwanted program runs quietly in the background of the victim’s Windows computer. Such miner software could slow down the computer’s processor, damage the hard drive, or extract confidential data and transmit it to other digital platforms without the victim’s consent.

Technical Details of Fake Adobe Update Cryptojacking Malware

Duncan explained that it was not clear how potential victims were arriving at the URLs delivering the fake Flash updates; however, network traffic during the infection process was primarily related to the fraudulent Flash updates themselves. Notably, the infected Windows server generates an HTTP POST request to osdsoft[.]com, a domain associated with updaters or installers that push cryptocurrency miners.

He said that while the research team searched for these particular fake Flash updates, it observed Windows executable files with names starting with “Adobe Flash Player” being served from non-Adobe, cloud-based web servers. These downloads usually had the string “flashplayer_down.php?clickid=” in the URL. The team also found 113 examples of malware meeting these criteria since March 2018 in AutoFocus; 77 of those samples carry a CoinMiner tag in AutoFocus, and the remaining 36 share other tags with those 77 CoinMiner-related executables.
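As an added illustration (not code from the article or from Unit 42), the following Python scanner applies the three network indicators the article describes to proxy-style log lines: a POST to osdsoft[.]com, a download URL containing flashplayer_down.php with a clickid parameter, and a Flash installer fetched from a non-Adobe host. The log format, the sample lines and the allow-list of Adobe domains are all constructed assumptions.

```python
from urllib.parse import urlsplit, parse_qs

# Indicators quoted in the article (osdsoft[.]com is written defanged there).
INDICATOR_DOMAIN = "osdsoft.com"
INDICATOR_PATH = "flashplayer_down.php"
INDICATOR_PARAM = "clickid"
# Assumed allow-list: hosts that legitimately serve Flash installers.
ADOBE_DOMAINS = ("adobe.com", "macromedia.com")

# Constructed sample in a simple "client method url" proxy-log format.
SAMPLE_LOG = """\
10.0.0.5 GET http://fpdownload.adobe.com/get/flashplayer/pdc/32/flashplayer.exe
10.0.0.7 GET http://cdn.example.net/flashplayer_down.php?clickid=abc123
10.0.0.7 POST http://osdsoft.com/updater/check.php
10.0.0.9 GET http://files.example.org/docs/report.pdf
"""


def _host_in(host, domains):
    """True if host equals one of the domains or is a subdomain of it."""
    return any(host == d or host.endswith("." + d) for d in domains)


def classify(line):
    """Return the list of indicator names matched by one log line."""
    parts = line.split()
    if len(parts) != 3:
        return []  # ignore malformed lines rather than crash the scan
    _client, method, url = parts
    u = urlsplit(url)
    host = (u.hostname or "").lower()
    hits = []
    # 1. Post-infection check-in to the domain named in the article.
    if _host_in(host, (INDICATOR_DOMAIN,)):
        hits.append("post-infection-checkin" if method == "POST" else "indicator-domain")
    # 2. Download URL pattern seen on the fake-update servers.
    if INDICATOR_PATH in u.path and INDICATOR_PARAM in parse_qs(u.query):
        hits.append("fake-flash-download-url")
    # 3. Anything "flashplayer" fetched from a host that is not Adobe's.
    if "flashplayer" in url.lower() and not _host_in(host, ADOBE_DOMAINS):
        hits.append("flash-download-from-non-adobe-host")
    return hits


def scan(log_text):
    """Map each client IP to the set of indicators seen in its traffic."""
    findings = {}
    for line in log_text.splitlines():
        hits = classify(line)
        if hits:
            findings.setdefault(line.split()[0], set()).update(hits)
    return findings
```

A host that both pulls a flashplayer_down.php URL and then POSTs to the indicator domain (10.0.0.7 in the sample) matches the full sequence Duncan describes, whereas a download from Adobe's own domain produces no finding.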

Duncan encouraged Windows users to be more cautious about the kind of Adobe Flash updates that they try to install, stating that while the Adobe pop-up and update features make the fake installer seem more legitimate, potential victims will still receive warning signs about running downloaded files on their Windows computer.

In his words:

“Organizations with decent web filtering and educated users have a much lower risk of infection by these fake updates.”

CCN recently reported that a report from McAfee labs showed that cryptojacking surged 86 percent in the second quarter of 2018, and is up 459 percent in 2018 so far over the whole of 2017.
