BreachExchange mailing list archives
Fake Flash Updates Reportedly Used for Cryptojacking that Installs Crypto Miners
From: Destry Winant <destry () riskbasedsecurity com>
Date: Mon, 22 Oct 2018 09:21:26 -0500
https://dcebrief.com/fake-flash-updates-reportedly-used-for-cryptojacking-that-installs-crypto-miners/

NBC News reported this week on a Palo Alto Networks blog post that revealed an effort by some cryptojackers to use a fake Adobe Flash update to install cryptocurrency miners on computers. The cybersecurity company announced the findings on Thursday, and confirmed that the malware used to execute the cryptojacking is far more deceptive than most fake Flash updates.

According to the post, most fake Flash updates are far less stealthy than the one recently discovered by the company.

“In recent years, such imposters have often been poorly-disguised malware executables or script-based downloaders designed to install cryptocurrency miners, information stealers, or ransomware,” the post notes. “If a victim runs such poorly-disguised malware on a vulnerable Windows host, no visible activity happens, unless the fake updater is pushing ransomware.”

The recently-discovered fake update apparently does a better job imitating the real update software. Palo Alto Networks reports that these fake updates do more than just install hidden cryptocurrency miners:

As early as August 2018, some samples impersonating Flash updates have borrowed pop-up notifications from the official Adobe installer. These fake Flash updates install unwanted programs like an XMRig cryptocurrency miner, but this malware can also update a victim’s Flash Player to the latest version.

Because of the legitimate Flash update, a potential victim may not notice anything out of the ordinary. Meanwhile, an XMRig cryptocurrency miner or other unwanted program is quietly running in the background of the victim’s Windows computer.

Other cybersecurity experts have also noticed an increase in website hacks and an uptick in hackers’ attempts to steal computer users’ computing power.

McAfee chief scientist Raj Samani told NBC, “This is not unique to this update. We are seeing many websites get hijacked and very authoritative websites we visit regularly are unwittingly consuming visitor resources for the benefit of criminals.”