
Cryptocurrency mining malware found hidden in Adobe Flash updater

Shubham Sharma


13 Oct 2018

A Windows installer carrying a legitimate Adobe Flash update has been flagged as a potential source of cryptocurrency mining malware.

The fake installer, when run, brings Adobe Flash Player up to the latest version, leading the user to think it is authentic.

However, in the background, it installs the malware to mine cryptocurrency.

Here are the finer details.

Details: What does this fake updater do?

Discovered by security researchers at Palo Alto Networks, the fake Flash updater sneaks in a cryptocurrency-mining bot called XMRig while installing the Flash update.

The bot mines for Monero and has been deceiving users for nearly three months now.

Users get a legitimate Flash version from the installer, so they don't realize what it might be doing to their machine in the background.
</gml_replace>
<gr_replace lines="27" cat="clarify" orig="Search: How the malware">
Search: How was the malware discovered?

Search: How the malware was discovered?

The researchers found the cryptocurrency miner while analyzing one of more than 100 fake 'AdobeFlashPlayer' installers on the internet.

On running the program, it sought permission to download software from unknown publishers, but given its legitimate appearance, most victims would have continued with the installation.

Next, the bot went into action and connected to a Monero mining pool in the background.

Mining act: Then, the system takes the load, mining cryptocurrency

After establishing the connection, the bot started mining Monero for the scammer, running the victim's CPU at full throttle.

The cryptocurrency mined, in this case, was being redirected to a single wallet, the researchers found.
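As an added illustration (not from the article or from Palo Alto Networks' research), the following correlation check runs over constructed endpoint telemetry and flags a process spawned by a fake 'AdobeFlashPlayer' installer that both connects to a mining-pool port and keeps the CPU pinned, which is the behaviour described above. The log format, host names, pool hostname and the list of pool ports are all assumptions.

```python
import re
from collections import defaultdict

# Constructed sample telemetry (not real data): "<host> <event> <pid> key=value ..."
TELEMETRY = """\
ws01 start 4120 parent=AdobeFlashPlayer_update.exe image=flashplayer_install.exe
ws01 start 4133 parent=AdobeFlashPlayer_update.exe image=svc.exe
ws01 connect 4133 dst=pool.monero.invalid:3333
ws01 cpu 4133 pct=97
ws01 cpu 4133 pct=98
ws02 start 6010 parent=explorer.exe image=chrome.exe
ws02 connect 6010 dst=www.example.com:443
ws02 cpu 6010 pct=12
ws03 start 7001 parent=AdobeFlashPlayer_update.exe image=flashplayer_install.exe
ws03 cpu 7001 pct=90
"""

# Assumption: TCP ports frequently used by stratum mining pools; tune to your environment.
STRATUM_PORTS = {3333, 4444, 5555, 7777, 14444}
FAKE_INSTALLER = re.compile(r"AdobeFlashPlayer", re.I)   # parent image name pattern
CPU_THRESHOLD = 85.0                                       # average CPU % that counts as "full throttle"

def parse(text):
    """Group events by (host, pid): parent/image, destinations and CPU samples."""
    procs = defaultdict(lambda: {"parent": "", "image": "", "dst": [], "cpu": []})
    for line in text.splitlines():
        if not line.strip():
            continue
        host, event, pid, detail = line.split(" ", 3)
        kv = dict(field.split("=", 1) for field in detail.split())
        p = procs[(host, int(pid))]
        if event == "start":
            p["parent"], p["image"] = kv["parent"], kv["image"]
        elif event == "connect":
            p["dst"].append(kv["dst"])
        elif event == "cpu":
            p["cpu"].append(float(kv["pct"]))
    return procs

def find_miners(text, cpu_threshold=CPU_THRESHOLD):
    """Flag processes whose parent looks like the fake updater AND that talk to a
    pool port AND run the CPU above the threshold; high CPU alone (ws03) is not enough."""
    findings = []
    for (host, pid), p in parse(text).items():
        if not FAKE_INSTALLER.search(p["parent"]):
            continue
        pool_dsts = [d for d in p["dst"] if int(d.rsplit(":", 1)[1]) in STRATUM_PORTS]
        avg_cpu = sum(p["cpu"]) / len(p["cpu"]) if p["cpu"] else 0.0
        if pool_dsts and avg_cpu >= cpu_threshold:
            findings.append({"host": host, "pid": pid, "image": p["image"],
                             "dst": pool_dsts[0], "avg_cpu": avg_cpu})
    return findings
```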

However, it is worth noting that this is not the first case of cryptocurrency mining with malware like this.

Fact: Illegal Monero mining

According to a study, more than $250,000 worth of Monero is mined every month using illegal browser-based scripts and programs. Even Starbucks' websites and The Pirate Bay have been found doing the same.