CoinMiners Use New Tricks To Impersonate Adobe Flash Installers

An anonymous reader quotes a report from Bleeping Computer: Cryptocurrency miners are now being distributed by a new campaign pretending to be Adobe Flash Player installers. While this is not new, this particular campaign is going the extra mile to appear legitimate by not only installing a miner, but also updating Flash Player as well. In a new malware campaign discovered by Palo Alto Unit 42 researcher Brad Duncan, it was found that a fake Flash Player Trojan not only installed a XMRig miner, but it also automatically updated his installed Flash Player. This real Flash installer was downloaded by the Trojan from Adobe's site.

By actually performing an upgrade of the desired program, it makes the user less suspicious and adds further legitimacy that the Trojan was a real Adobe installer for Adobe Flash Player. While Flash Player is now updated, what the victim does not know is that a coinminer was silently installed on the computer and started. Once started, this sample would connect to a mining pool at xmr-eu1.nanopool.org and begin to use almost 100% of the computer's CPU in order mine the Monero digital cryptocurrency.

Desperation

[r1348]

You know you're desperate when you disguise yourself as Flash.

Re:

[r1348]

If you think that Flash has a better reputation than your software, what you're doing is not a tradeoff, it's a race to the bottom.

What is the bigger piece of malware

[DarkRookie2]

Would it be the miner
...Or it could be the Flash Player.

Re:

[nnet]

Yes.

GENERATION 2711

Re:

[roc97007]

> #`%${%&`+'${`%&NO CARRIER

Wow, that's old school. But then again, so is Flash.

Too funny.

[cshark]

I dare say, that's the nicest thing I've ever heard about a piece of malware doing in the wild.

Re:

[CanadianMacFan]

A nicer thing would have been to install the miner, say the computer was no longer able to run Flash and uninstall Flash for them.

Re:

[bloodhawk]

There is nothing nice about something that installs flash on your machine.

IDK, probably tired..

[Knightman]

..but I read 'Coal Miners Use New Tricks To Impersonate Adobe Flash Installers' and couldn't understand why there would be a need for a someone to be a dedicated adobe flash installer and why a coal miner would have the need to impersonate said person since there are probably more opportunities in the coal mining business...

Adobe Flash plugin update...

[HouseOfMisterE]

I've had two computers offer to update Adobe Flash over the past couple of weeks. Both had Firefox installed and I assumed that I had the Flash plugin installed and it needed updating (and maybe it did). I don't use Firefox on those computers anymore, so instead I uninstalled the Flash plugin and Firefox. Problem solved / catastrophe averted.

Adobe Flash is still a thing?

[roc97007]

Wasn't Flash supposed to be gone in, like, 2005?

Re:

[roc97007]

...but then we heard all about how html 5 was supposed to replace flash.

Is this news?

[Darth Technoid]

I mean ... really!

How do they know?

[Trailer Trash]

"begin to use almost 100% of the computer's CPU"

How is this different than just installing Flash?

Re:

[thegarbz]

How is this different than just installing Flash?

Cryptomining is useful.

Re:

[Trailer Trash]

How is this different than just installing Flash?

Cryptomining is useful.

For the win!

Re:

[timholman]

"begin to use almost 100% of the computer's CPU"

How is this different than just installing Flash?

That's what's so brilliant about it.

No one can tell the difference.

Next up: mining malware that installs a legitimate copy of McAfee antivirus on your computer.

Re:

[Comrade Ogilvy]

Next up: mining malware that installs a legitimate copy of McAfee antivirus on your computer.

That is funny but it is only barely a joke. I remember reading several years ago about a virus that was found to have its own anti-virus functionality -- presumably to improve/protect the performance of the infected machine so that it owner was less likely to have it wiped or tossed in the trash.