Forum - CoinMiners Use New Tricks To Impersonate Adobe Flash Installers
News Fetcher
Joined: Oct 24 2009
Last Active: Never/Not tracked
Total Active: Never/Not tracked
Timezone: GMT+ -7
134648 posts
Last Page Viewed:
Post 150738       October 11 '18 at 12:51 PM
By BeauHD from Slashdot's going-the-extra-mile department:
An anonymous reader quotes a report from Bleeping Computer: Cryptocurrency miners are now being distributed by a new campaign pretending to be Adobe Flash Player installers. While this is not new, this particular campaign is going the extra mile to appear legitimate by not only installing a miner, but also updating Flash Player as well. In a new malware campaign discovered by Palo Alto Unit 42 researcher Brad Duncan, it was found that a fake Flash Player Trojan not only installed a XMRig miner, but it also automatically updated his installed Flash Player. This real Flash installer was downloaded by the Trojan from Adobe's site.

By actually performing an upgrade of the desired program, it makes the user less suspicious and adds further legitimacy that the Trojan was a real Adobe installer for Adobe Flash Player. While Flash Player is now updated, what the victim does not know is that a coinminer was silently installed on the computer and started. Once started, this sample would connect to a mining pool at xmr-eu1.nanopool.org and begin to use almost 100% of the computer's CPU in order mine the Monero digital cryptocurrency.