Saturday, October 13, 2018

Beware Of This Cryptocurrency Mining Malware



It has been discovered that fake Adobe Flash updates are being used to surreptitiously install cryptocurrency mining malware on computers and networks, causing severe losses in time, system performance, and power consumption for affected users.

Cryptojacking Breaks New Ground

While fake Flash updates that push malware have historically been simple to identify and avoid, a new campaign has employed new tricks that stealthily download cryptocurrency miners on Windows systems.

Writing in a post exposing the scheme, Unit 42 threat intelligence analyst Brad Duncan said:

“As early as August 2018, some samples impersonating Flash updates have borrowed pop-up notifications from the official Adobe installer. These fake Flash updates install unwanted programs like an XMRig cryptocurrency miner, however this malware can even update a victim’s Flash Player to the most recent version.”

The implication is that a potential victim might not notice anything out of the ordinary while an XMRig cryptocurrency miner or another unwanted program runs quietly in the background of the victim’s Windows PC. This miner software might hamper the processor of the victim’s PC, harm the disk drive, or extract confidential data and transmit it to other digital platforms without the victim’s consent.

Technical Details of Fake Adobe Update Cryptojacking Malware

Duncan explained that it was not clear how potential victims were arriving at the URLs delivering the fake Flash updates; however, network traffic during the infection process has been primarily associated with fraudulent Flash updates. Apparently, the infected Windows server generates an HTTP POST request to osdsoft[.]com, a domain affiliated with updaters or installers pushing cryptocurrency miners.

He said that while the research team searched for these particular fake Flash updates, it discovered some Windows executable files with names beginning with Adobe Flash Player served from non-Adobe, cloud-based web servers. These downloads typically had the string “flashplayer_down.php?clickid=” in the URL. The team also found 113 examples of malware meeting these criteria since March 2018 in AutoFocus. 77 of those malware samples are identified with a CoinMiner tag in AutoFocus. The remaining 36 samples share other tags with those 77 CoinMiner-related executables.
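The three network indicators described above can be checked against web proxy logs. The following is an added example, not code from Unit 42 or from this blog; the log layout (`time client method url status`), the Adobe host allowlist, the loose filename match and every sample line are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Indicators named in the article.
C2_DOMAIN = "osdsoft.com"  # written defanged as osdsoft[.]com in the text
URL_MARKER = "flashplayer_down.php?clickid="
# Assumption: hosts treated as genuine Adobe download sources.
ADOBE_SUFFIXES = ("adobe.com", "macromedia.com")
# Assumption: "names beginning with Adobe Flash Player", any case/separator.
FLASH_EXE = re.compile(r"^adobe[ _-]?flash[ _-]?player.*\.exe$", re.I)

# Constructed sample proxy log; hosts, paths and clients are made up.
SAMPLE_LOG = """\
2018-10-01T09:14:02Z 10.0.0.21 GET http://cdn.example-cloud.test/flashplayer_down.php?clickid=abc123 200
2018-10-01T09:14:05Z 10.0.0.21 GET http://cdn.example-cloud.test/dl/AdobeFlashPlayer_install.exe 200
2018-10-01T09:14:40Z 10.0.0.21 POST http://osdsoft.com/report 200
2018-10-01T09:20:11Z 10.0.0.34 GET https://fpdownload.macromedia.com/pub/AdobeFlashPlayer_setup.exe 200
2018-10-01T09:21:00Z 10.0.0.34 GET http://notosdsoft.com.example.test/index.html 200
"""

def host_in(host, suffixes):
    """True if host equals a suffix or is a subdomain of it (no substring match)."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)

def classify(line):
    """Return the rule names triggered by one 'time client method url status' line."""
    parts = line.split()
    if len(parts) < 5:
        return []
    method, url = parts[2].upper(), parts[3]
    u = urlsplit(url)
    host = u.hostname or ""
    filename = unquote(u.path.rsplit("/", 1)[-1])  # handles %20 in file names
    hits = []
    if URL_MARKER in url.lower():
        hits.append("fake-flash-download-url")
    if FLASH_EXE.match(filename) and not host_in(host, ADOBE_SUFFIXES):
        hits.append("flash-exe-from-non-adobe-host")
    if method == "POST" and host_in(host, (C2_DOMAIN,)):
        hits.append("post-to-osdsoft")
    return hits

def scan(log_text):
    """Return (line_number, client, hits) for every well-formed line that triggers a rule."""
    rows = ((n, l.split(), classify(l)) for n, l in enumerate(log_text.splitlines(), 1))
    return [(n, p[1], h) for n, p, h in rows if h]
```

Matching on the parsed hostname rather than on a substring keeps look-alike hosts such as the last sample line from triggering the POST rule.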

Duncan urged Windows users to be more cautious about the kind of Adobe Flash updates that they try to install, stating that while the Adobe pop-up and update features make the fake installer appear more legitimate, potential victims can still receive warning signs about running downloaded files on their Windows PC.

In his words:

“Organizations with good web filtering and educated users have a much lower risk of infection by these fake updates.”

CCN recently reported that a McAfee Labs report showed that cryptojacking surged 86% in the second quarter of 2018, and is up 459% in 2018 so far over the whole of 2017.
