Adobe Flash is known to be a minefield of vulnerabilities, and malicious actors exploit them from time to time. Fake Adobe Flash update pop-ups on websites are another attack vector that is often used.
Along similar lines, a recent type of fake Flash update has been uncovered by a security researcher at Palo Alto Networks’ Unit 42 group. Unlike the poorly designed malware found previously, it comes with additional deception.
Since cryptominers are currently the most popular category of malware, this fake Flash update installs an XMRig cryptocurrency miner. As a result, your computer’s processing power keeps getting used in the background to mine free digital coins.
The research found 113 examples of fake update malware since March 2018, with Windows executables whose names start with AdobeFlashPlayer_. While 77 of them contained malware with a CoinMiner tag, the remaining samples shared other tags.
“Windows provided a typical warning about an unknown publisher that victims can easily click through on vulnerable Windows hosts,” the report further states.
It’s worth noting that the network traffic generated during the infection process mainly contains the Flash update. Soon afterwards, however, the miner starts generating traffic associated with XMRig cryptocurrency mining.
With the help of the update traffic and the Adobe pop-up, this malware tries hard to deceive users. However, if an organization has reasonably good web filtering, the malware can be caught easily.
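The two signals described above (an `AdobeFlashPlayer_` executable fetched from a non-Adobe host, followed by mining traffic from the same machine) can be correlated in proxy and network logs. The sketch below is an added example, not code from the Unit 42 report: the event format, the vendor allow-list, the one-hour window and all sample events are assumptions constructed for illustration, and the mining check looks for the JSON-RPC `login` request that Stratum miners such as XMRig send first.

```python
import json
from urllib.parse import urlsplit

VENDOR_DOMAINS = ("adobe.com", "macromedia.com")  # assumed allow-list; adjust locally

# Constructed sample events (illustrative only, not taken from the report).
SAMPLE_EVENTS = [
    {"ts": 10, "client": "10.0.0.5", "kind": "http",
     "url": "http://cdn.example.net/dl/AdobeFlashPlayer_1a2b3c.exe"},
    {"ts": 95, "client": "10.0.0.5", "kind": "tcp",
     "payload": '{"id":1,"jsonrpc":"2.0","method":"login",'
                '"params":{"login":"WALLET_PLACEHOLDER","pass":"x","agent":"XMRig/0.0"}}'},
    {"ts": 20, "client": "10.0.0.9", "kind": "http",
     "url": "https://fpdownload.macromedia.com/pub/AdobeFlashPlayer_x.exe"},
    {"ts": 30, "client": "10.0.0.7", "kind": "http",
     "url": "http://files.example.org/AdobeFlashPlayer_zz.exe"},
]

def is_fake_flash_download(url):
    """Executable named AdobeFlashPlayer_* served from a non-vendor host."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    name = parts.path.rsplit("/", 1)[-1].lower()
    from_vendor = any(host == d or host.endswith("." + d) for d in VENDOR_DOMAINS)
    return name.startswith("adobeflashplayer_") and name.endswith(".exe") and not from_vendor

def is_stratum_login(payload):
    """JSON-RPC 'login' request, the first message a Stratum miner sends to a pool."""
    try:
        msg = json.loads(payload)
    except (ValueError, TypeError):
        return False
    return (isinstance(msg, dict) and msg.get("method") == "login"
            and isinstance(msg.get("params"), dict))

def correlate(events, window=3600):
    """Return {client: severity}; 'high' when a mining login follows the download."""
    downloads, alerts = {}, {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        client = ev["client"]
        if ev["kind"] == "http" and is_fake_flash_download(ev["url"]):
            downloads[client] = ev["ts"]
            alerts.setdefault(client, "medium")
        elif ev["kind"] == "tcp" and is_stratum_login(ev["payload"]):
            seen = downloads.get(client)
            if seen is not None and ev["ts"] - seen <= window:
                alerts[client] = "high"
    return alerts

if __name__ == "__main__":
    print(correlate(SAMPLE_EVENTS))
```

A download alone is rated `medium` because the filename prefix is easy to match at the web filter; the `high` rating is reserved for hosts where mining traffic confirms the installer actually ran.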