Fake Adobe Flash Updater Installs Cryptocurrency Miners

Discussion in '[H]ard|OCP Front Page News' started by cageymaru, Oct 11, 2018 at 11:45 PM.

  1. cageymaru

    cageymaru [H]ard|News

    Fake Adobe Flash installers are infecting computers with malicious programs such as the XMRig cryptocurrency miner. It fools users into thinking the program is legitimate by using genuine Adobe graphics and pop-up screens from the official Adobe installer. It even properly updates Adobe Flash to the latest version on the victim's PC. But it downloads the legitimate Flash update from a compromised server along with cryptocurrency miners that force the victim's PC to mine Monero.

    While searching for these particular fake Flash updates, we noticed Windows executable file names starting with AdobeFlashPlayer__ from non-Adobe, cloud-based web servers. These downloads always contained the string flashplayer_down.php?clickid= in the URL. We found 113 examples of malware meeting these criteria since March 2018 in AutoFocus. 77 of these malware samples are identified with a CoinMiner tag in AutoFocus. The remaining 36 samples share other tags with those 77 CoinMiner-related executables. See Appendix A for the full list of the file hashes. Appendix B lists 473 file names and URLs for these fake Flash updates from March 25th, 2018 through September 10th, 2018.
     
    AceGoober likes this.
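
Added example, not part of the original post or the quoted research: a small Python check that applies the two indicators quoted above (the `flashplayer_down.php?clickid=` URL string and `AdobeFlashPlayer__` executables served from non-Adobe hosts) to web proxy records. The log layout, the sample lines and the Adobe domain allowlist are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Indicators quoted in the post above.
URL_MARKER = "flashplayer_down.php?clickid="
NAME_PREFIX = "adobeflashplayer__"
# Assumption: domains treated as genuine Adobe download sources.
ADOBE_DOMAINS = ("adobe.com", "macromedia.com")


def is_adobe_host(host):
    """True only for an allowlisted domain or a real subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in ADOBE_DOMAINS)


def classify(url, filename):
    """Return the names of the indicators a download record matches."""
    parts = urlsplit(url)
    name = filename.lower()
    hits = []
    if URL_MARKER in (parts.path + "?" + parts.query).lower():
        hits.append("url_marker")
    if (name.startswith(NAME_PREFIX) and name.endswith(".exe")
            and not is_adobe_host(parts.hostname)):
        hits.append("fake_name_non_adobe_host")
    return hits


# Constructed sample proxy log: "<time> <client> <url> <saved filename>".
SAMPLE_LOG = """\
2018-09-01T10:02:11Z 10.0.0.15 http://cdn.cloud-host.example/flashplayer_down.php?clickid=abc123 AdobeFlashPlayer__a1b2.exe
2018-09-01T10:05:40Z 10.0.0.22 https://get.adobe.com/constructed/install.exe install_flash_player.exe
2018-09-01T10:09:03Z 10.0.0.31 http://adobe.com.files.example/update/get.php?id=7 AdobeFlashPlayer__ff00.exe
2018-09-01T10:12:27Z 10.0.0.31 https://intranet.example/docs/flash-policy.pdf flash-policy.pdf
"""


def scan(log_text):
    """Return (client, host, hits) for every log line matching an indicator."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines rather than guess at fields
        _, client, url, filename = fields
        hits = classify(url, filename)
        if hits:
            findings.append((client, urlsplit(url).hostname, hits))
    return findings
```

The third sample line shows why the host check compares whole domain labels: `adobe.com.files.example` contains the string `adobe.com` but is not an Adobe host, so the download is still flagged.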
  2. Vader1975

    Vader1975 Gawd

    This has been known for quite some time. The fake Adobe updater/installer viruses.
     
  3. spintroniX

    spintroniX Gawd

    Crypto will change the world, indeed.
     
    Vader1975 likes this.
  4. Geef

    Geef Limp Gawd

    And this surprises who again?
     
    AceGoober and Vader1975 like this.
  5. BSmith

    BSmith [H]ard|Gawd

    Who the hell is still using Flash for anything? They get what they deserve, as far as I am concerned.
     
  6. RiPpLeeFFecT

    RiPpLeeFFecT Limp Gawd

    XMRig isn't malicious if you actually want to mine CryptoNight coins anyway. Just if you didn't ask for it.
     
  7. Dead Parrot

    Dead Parrot [H]ard|Gawd

    IIRC, years ago the legitimate Adobe installer had a nasty habit of installing extra software if you weren't very careful in either checking or unchecking certain boxes. Guess some things don't change much.
     
    AceGoober likes this.
  8. lostin3d

    lostin3d [H]ard|Gawd

    Damn you miners, get off my flash-lawn.
     
    AceGoober likes this.
  9. AceGoober

    AceGoober Live! Laug[H]! Overclock!

    Installing Flash-anything from an unknown publisher (<== key words) is dangerous in and of itself. Best to get any Flash Update directly from Adobe and nowhere else.
     
    ManofGod and Icon_Charlie like this.
  10. MatsSvensson

    MatsSvensson n00bie

    https://homestarrunner.com/