Palo Alto Networks has recently warned that cybercriminals are using fake Adobe Flash updates to push Monero crypto mining malware. The fake updaters are stealthier than those observed before.
The report from Palo Alto Networks' threat intelligence team, Unit 42, notes that while the fake Adobe Flash updates do not reveal their identity, a campaign that emerged in August this year has been using pop-up notifications borrowed from the official Adobe installer.
The fake updater that delivers the XMRig crypto mining malware can also update a victim's Flash Player to the latest version. The update appears legitimate, and the victim sees no noticeable difference. Because the fake update works silently, victims do not realize that anything unusual is going on. Meanwhile, the XMRig digital currency miner or other unwanted programs run silently in the background of the victim's Windows computer.
The good news is that users will first receive warnings about running such downloaded files on their Windows computer. They should therefore never ignore Windows warnings about an unknown publisher.
Earlier, Unit 42 reported that the popular security firm McAfee had observed a 629 percent increase in illicit crypto mining (termed cryptojacking) in the first quarter of the present year alone. Unit 42 also reported that around 5 percent of all Monero in circulation has been mined through malicious activity, ComputerWeekly.com noted.
The report released by Palo Alto Networks' Unit 42 further notes that SaaS-based application usage has intensified by 46 percent in the last 3 years, including more than 316 apps. In addition, more than 40 percent of email attachments examined by WildFire were found to be malicious.
To block malware and limit the risk of unauthorized crypto mining, Brad Duncan, threat intelligence analyst for Unit 42, suggested that users get Flash updates only from Adobe, which protects the system from malware downloaded from untrusted sites. An unexpected web page that appears during routine browsing should be disregarded, no matter how convincing it may look, eWeek suggested.