Cryptojackers are here to make fun of legitimate app developers and to make some money along the way. Since everything in technology changes, the cyber culprits are not going after Wi-Fi networks, Amazon Fire TVs, and random websites with Coinhive. These days they are delivering the change by compromising otherwise legitimate Adobe Flash Players.
In fact, this is the old-school Trojan horse tactic, but hey, old-school always works. In short, when you download the latest Adobe Flash Player update, you get an XMRig bot, which is here to hijack your computing power and mine some Monero for the bad boys.
The first to uncover the mining malware was the cybersecurity entity Palo Alto Networks. Indeed, the corrupted Flash updater has been circulating on the internet since the beginning of August. Apart from getting the “newest” Flash Player, you get the “newest” mining malware installed in the background, silently making profits for someone else. Chances are that many users are unaware that they have been cryptojacked. While they may experience system outages and slow, impaired performance, those who are not familiar with crypto malware may have a hard time figuring out what is wrong with their devices.
The cybersecurity researchers have stumbled upon 113 files dubbed “AdobeFlashPlayer”. But the catch is, none of them are stored on Adobe-owned servers. Palo Alto Networks suggests that the cryptojackers have used bogus URLs to redirect their potential victims. One question remains, however: how and why did users reach these URLs?
While the analysis of the URLs showed no signs of anything suspicious, after the installation process the mining bot immediately connects to a Monero mining pool and starts doing its thing.
“Because of the legitimate Flash update, a potential victim may not notice anything out of the ordinary. Meanwhile, an XMRig cryptocurrency miner or other unwanted program is quietly running in the background of the victim’s Windows computer,” reads the post.
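The one concrete tell in the report is a file named “AdobeFlashPlayer” served from a host that is not Adobe's. The sketch below is an added example, not code from Palo Alto Networks or this article, and it flags such downloads in web proxy logs. The log format, the sample lines and the one-entry Adobe domain allowlist are assumptions.

```python
from urllib.parse import urlsplit, unquote

# Assumption: domains treated as Adobe-owned; extend for your environment.
ADOBE_DOMAINS = ("adobe.com",)
NAME_PREFIX = "adobeflashplayer"  # file name prefix reported in the article


def is_adobe_host(host):
    """True only for an allowlisted domain or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    # Require an exact match or a dot boundary, so look-alikes such as
    # "notadobe.com" or "adobe.com.updates.example.org" do not pass.
    return any(host == d or host.endswith("." + d) for d in ADOBE_DOMAINS)


def suspicious_download(url):
    """Flag a file named AdobeFlashPlayer* that is not served by an Adobe host."""
    parts = urlsplit(url)
    # Decode percent-escapes before looking at the last path segment.
    filename = unquote(parts.path).rsplit("/", 1)[-1].lower()
    return filename.startswith(NAME_PREFIX) and not is_adobe_host(parts.hostname)


def scan(log_lines):
    """Return (client, url) per flagged request. Line format: '<time> <client> <url>'."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) >= 3 and suspicious_download(fields[2]):
            hits.append((fields[1], fields[2]))
    return hits


# Constructed sample proxy log lines (not real indicators).
SAMPLE_LOG = [
    "2024-01-08T09:14:02Z 10.0.0.21 https://downloads.example.net/AdobeFlashPlayer__e2011b.exe",
    "2024-01-08T09:15:40Z 10.0.0.34 https://get.adobe.com/pub/AdobeFlashPlayer_setup.exe",
    "2024-01-08T09:16:11Z 10.0.0.57 http://adobe.com.updates.example.org/AdobeFlashPlayer.exe",
    "2024-01-08T09:17:05Z 10.0.0.21 https://notadobe.com/files/AdobeFlashPlayer%5Fupdate.exe",
    "2024-01-08T09:18:30Z 10.0.0.88 https://www.example.com/index.html",
]

if __name__ == "__main__":
    for client, url in scan(SAMPLE_LOG):
        print(f"review: {client} fetched {url}")
```

A hit means the download deserves a closer look, not that the host is infected. Pair it with a check for sustained high CPU use on the client that fetched the file.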