CoinMiners Use New Tricks To Impersonate Adobe Flash Installers (bleepingcomputer.com) 47
An anonymous reader quotes a report from Bleeping Computer: Cryptocurrency miners are now being distributed by a new campaign pretending to be Adobe Flash Player installers. While this is not new, this particular campaign is going the extra mile to appear legitimate by not only installing a miner, but also updating Flash Player as well. In a new malware campaign discovered by Palo Alto Unit 42 researcher Brad Duncan, it was found that a fake Flash Player Trojan not only installed an XMRig miner, but it also automatically updated his installed Flash Player. This real Flash installer was downloaded by the Trojan from Adobe's site.
By actually performing an upgrade of the desired program, it makes the user less suspicious and adds further legitimacy that the Trojan was a real Adobe installer for Adobe Flash Player. While Flash Player is now updated, what the victim does not know is that a coinminer was silently installed on the computer and started. Once started, this sample would connect to a mining pool at xmr-eu1.nanopool.org and begin to use almost 100% of the computer's CPU in order to mine the Monero digital cryptocurrency.
Desperation (Score:5, Funny)
You know you're desperate when you disguise yourself as Flash.
Re: (Score:2)
If you think that Flash has a better reputation than your software, what you're doing is not a tradeoff, it's a race to the bottom.
What is the bigger piece of malware (Score:2)
Re: (Score:2)
GENERATION 2711
Re: (Score:2)
> #`%${%&`+'${`%&NO CARRIER
Wow, that's old school. But then again, so is Flash.
Too funny. (Score:3)
I dare say, that's the nicest thing I've ever heard about a piece of malware doing in the wild.
Re: (Score:3)
A nicer thing would have been to install the miner, say the computer was no longer able to run Flash and uninstall Flash for them.
Re: (Score:2)
IDK, probably tired.. (Score:2)
..but I read 'Coal Miners Use New Tricks To Impersonate Adobe Flash Installers' and couldn't understand why there would be a need for someone to be a dedicated Adobe Flash installer and why a coal miner would have the need to impersonate said person since there are probably more opportunities in the coal mining business...
Adobe Flash plugin update... (Score:2)
I've had two computers offer to update Adobe Flash over the past couple of weeks. Both had Firefox installed and I assumed that I had the Flash plugin installed and it needed updating (and maybe it did). I don't use Firefox on those computers anymore, so instead I uninstalled the Flash plugin and Firefox. Problem solved / catastrophe averted.
Adobe Flash is still a thing? (Score:2)
Wasn't Flash supposed to be gone in, like, 2005?
Re: (Score:2)
Is this news? (Score:1)
I mean ... really!
How do they know? (Score:4, Funny)
"begin to use almost 100% of the computer's CPU"
How is this different than just installing Flash?
Re: (Score:2)
> How is this different than just installing Flash?
Cryptomining is useful.
Re: (Score:2)
> How is this different than just installing Flash?
> Cryptomining is useful.
For the win!
Re: (Score:2)
That's what's so brilliant about it.
No one can tell the difference.
Next up: mining malware that installs a legitimate copy of McAfee antivirus on your computer.
Re: (Score:2)
> Next up: mining malware that installs a legitimate copy of McAfee antivirus on your computer.
That is funny but it is only barely a joke. I remember reading several years ago about a virus that was found to have its own anti-virus functionality -- presumably to improve/protect the performance of the infected machine so that its owner was less likely to have it wiped or tossed in the trash.