Researchers have identified cryptojacking malware that conceals itself behind a fake Adobe Flash update. The finding has been revealed in a cyber threat report published by Unit 42 research group on Oct. 11.
Cryptojacking is the practice of using a computer’s processing power to mine for cryptocurrencies without the owner’s consent or knowledge.
According to new research released by Unit 42, Palo Alto Networks' threat intelligence team, the malware strain surreptitiously compels computers to mine Monero (XMR) by installing an “XMRig cryptocurrency miner.”
The new malware is said to be particularly harmful, as the developers have copied the pop-up notification from an official Adobe installer. Moreover, the download really does update targets' computers with the latest version of Flash, further adding to its seeming legitimacy.
Unit 42 analyst Brad Duncan has stated that:
“In most cases, fake Flash updates pushing malware are not very stealthy… [but in this instance, b]ecause of the latest Flash update, a potential victim may not notice anything out of the ordinary."
Unit 42 reportedly uncovered the strain while searching for “popular” fake Flash updates using AutoFocus, a Palo Alto Networks intelligence tool:
“77.. malware samples are identified with a CoinMiner tag in AutoFocus.The remaining 36 samples share other tags with those 77 CoinMiner-related executables.”
As previously reported, coin miner works by using Coinhive – a JavaScript program created to mine Monero via a web browser. According to Unit 42, samples that deceptively mimic and install an actual Flash update have been in circulation as of August 2018.
Just yesterday, Iran’s cybersecurity authority issued a report that claimed that the highest number of recorded incidents of Coinhive infection have taken place in Brazil; India came in second, followed by Indonesia.
As reported in September, cryptojacking malware reports are said to have surged almost 500 percent in 2018. According to estimations in June, around 5 percent of the total circulating Monero supply was mined using malware.