Palo Alto Networks warned this week that fake Adobe Flash Player updates carrying cryptocurrency mining malware are on the increase.
In its latest blog post, the cybersecurity company reveals that it has uncovered more of the fake Flash updates during its work and research than ever before.
These fake updates use pop-up notifications from the official Adobe installer. If the update is run by the system user, it will add cryptocurrency mining malware like the XMRig cryptocurrency miner. It may also update the system's Flash Player to the latest version, making it less likely for a user to notice the malware.
Once embedded, cryptocurrency mining malware will run in the background of an operating system, mining cryptocurrency. The malware may or may not be identified by a user's antivirus protection.
Cryptocurrency mining malware can also be spotted if a system's resources suddenly come under pressure, or the processor seems to be running constantly. Malware may be identified in the Windows Task Manager as an unusual program using system resources.
Malware on the Increase
Palo Alto Networks spotted Windows executable file names with the prefix "AdobeFlashPlayer" originating from non-Adobe cloud-based web servers. The servers belong to, or have been utilized by, the hackers.
Since March 2018, Palo Alto has noticed an increase in these occurrences, peaking during the month of September. In a test of one fake update, Palo Alto found the mining malware to be mining Monero, commonly used by attackers due to its anonymous nature.
McAfee Labs Threats Report for September 2018 found that though new types of all malware were less frequent so far in 2018, total occurrences of malware continued to rise. Incidences of malware have continued to increase since 2016.
Protection Against Cryptocurrency Mining Malware
Palo Alto Networks concluded that more knowledgeable PC users, or those running antivirus and system protection, were much less at risk than others. Regular system and antivirus updates will make it more likely for malware to be identified either before or after installation.
System users should investigate further if their system suddenly slows, or appears to be using more resources than usual.
If running pop-up updates, users should check their origins and file names, which may indicate a non-genuine install.
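The origin and file-name check described above can also be run over web proxy logs. The following is an added example, not code from Palo Alto Networks or the original article; the "client URL" log layout, the sample lines and the allowlist of Adobe-operated domains are assumptions to adapt.

```python
from urllib.parse import urlsplit, unquote

# Assumption: domains treated as Adobe-operated; replace with your own allowlist.
TRUSTED_DOMAINS = ("adobe.com", "macromedia.com")
NAME_PREFIX = "adobeflashplayer"  # file-name prefix reported in the article


def is_trusted_host(host):
    """Match on a label boundary so 'adobe.com.updates.example' is not trusted."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def is_suspicious(url):
    """True for an AdobeFlashPlayer*.exe download from a non-allowlisted host."""
    parts = urlsplit(url)
    # Decode %-escapes and ignore the query string before comparing the name.
    filename = unquote(parts.path).rsplit("/", 1)[-1].lower()
    if not (filename.startswith(NAME_PREFIX) and filename.endswith(".exe")):
        return False
    return not is_trusted_host(parts.hostname)


def flag_downloads(log_lines):
    """Return (client, url) pairs for suspicious 'client url' log lines."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) >= 2 and is_suspicious(fields[1]):
            hits.append((fields[0], fields[1]))
    return hits


# Constructed sample log lines (client IP, requested URL); not real indicators.
SAMPLE_LOG = [
    "10.0.0.5 https://get.adobe.com/flashplayer/AdobeFlashPlayer_install.exe",
    "10.0.0.7 http://storage.cloud-host.example/files/AdobeFlashPlayer__1a2b.exe",
    "10.0.0.8 http://adobe.com.updates.example/AdobeFlashPlayer%5Fsetup.EXE?id=7",
    "10.0.0.9 https://cdn.example/docs/report.pdf",
]

if __name__ == "__main__":
    for client, url in flag_downloads(SAMPLE_LOG):
        print(f"review: {client} fetched {url}")
```

A hit is a lead for review rather than proof of infection, and a renamed file will not match, so this complements antivirus and resource monitoring.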
Cryptocurrency mining malware is just one type of malware to reward hackers in cryptocurrency. More malicious malware like Combojack and other clipboard hijackers will instead wait on a user's system until they find cryptocurrency wallet addresses copied to the operating system's clipboard. When the user tries to paste the wallet address to an exchange or for a transfer, the malware will replace the user's wallet address with that of the hacker. Unsuspecting victims can end up transferring cryptocurrency balances directly to hackers.
Cybersecurity company Carbon Black warned recently that $1.1 billion has been stolen from cryptocurrency investors, including via malware attacks, in just the first half of 2018.