CoinMiners Use New Tricks To Impersonate Adobe Flash Installers (bleepingcomputer.com)
An anonymous reader quotes a report from Bleeping Computer: Cryptocurrency miners are now being distributed by a new campaign pretending to be Adobe Flash Player installers. While this is not new, this particular campaign is going the extra mile to appear legitimate by not only installing a miner, but also updating Flash Player as well. In a new malware campaign discovered by Palo Alto Unit 42 researcher Brad Duncan, it was found that a fake Flash Player Trojan not only installed a XMRig miner, but it also automatically updated his installed Flash Player. This real Flash installer was downloaded by the Trojan from Adobe's site.
By actually performing an upgrade of the desired program, it makes the user less suspicious and adds further legitimacy that the Trojan was a real Adobe installer for Adobe Flash Player. While Flash Player is now updated, what the victim does not know is that a coinminer was silently installed on the computer and started. Once started, this sample would connect to a mining pool at xmr-eu1.nanopool.org and begin to use almost 100% of the computer's CPU in order to mine the Monero digital cryptocurrency.
You know you're desperate when you disguise yourself as Flash.
Cryptocurrency miners are now being distributed by a new campaign pretending to be Adobe Flash Player installers.
So, no danger to /. users or other tech-heads then.
Would it be the miner
...Or it could be the Flash Player.
http://progressquest.com/spoltog.php?name=Son+Of+Son+Of+DarkRookie
I dare say, that's the nicest thing I've ever heard about a piece of malware doing in the wild.
This signature has Super Cow Powers
I disagree,
Having a miner on your machine is bad.
Having flash on the machine? Maybe worse ! /sarc/
The infected deserve it.
1849. Live the dream. Again.
Make 'murika Greedy Again.
If THAT were true, your post wouldn't exist. Be careful what you wish for.
..but I read 'Coal Miners Use New Tricks To Impersonate Adobe Flash Installers' and couldn't understand why there would be a need for someone to be a dedicated adobe flash installer and why a coal miner would have the need to impersonate said person since there are probably more opportunities in the coal mining business...
--- Reality doesn't care about your opinions, it happens anyway and if you are in the way you'll get squished.
I've had two computers offer to update Adobe Flash over the past couple of weeks. Both had Firefox installed and I assumed that I had the Flash plugin installed and it needed updating (and maybe it did). I don't use Firefox on those computers anymore, so instead I uninstalled the Flash plugin and Firefox. Problem solved / catastrophe averted.
0.0.0.0 xmr-eu1.nanopool.org
0.0.0.0 nanopool.org
* Those 2 entries from the source article NULLIFY this threat from working @ all (even IF you stupidly were to 'suck it in', it can't work).
As an aside: /. REALLY has been AVOIDING many articles like that one (gosh I wonder why - SJW & political BULLSHIT seems to take precedence here lately vs. TECH & SECURITY) but hosts when they ARE REPORTED ON? WORK (for more speed too, not just security vs. threats) - there have been TONS MORE LIKE THIS & they do NOT get reported here on /. to HELP YOU VS. THREATS (from /.'s USUAL sources like BleepingComputer etc.)
APK
P.S.=> "It's working: Neville... it's working!" See subject & results from the past month https://it.slashdot.org/commen... & https://it.slashdot.org/commen... + https://it.slashdot.org/commen... + https://it.slashdot.org/commen... https://it.slashdot.org/commen... that's only recently while I've been on Linux (few months now only) & 100's of times vs. MANY other botnets/malwares etc. in the past circa 2006-early 2018 while I was on Windows: CONCRETE VISIBLE UNDENIABLE REALITY (see those links as proof).
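Added example, not part of the original thread or of the Bleeping Computer report: a hosts file matches exact hostnames only, so this sketch parses hosts-format text to see which names are sinkholed and, separately, flags any DNS query under nanopool.org by label-aligned suffix match. The resolver log format, client addresses and the hostname `other-pool-host.nanopool.org` are constructed for illustration.

```python
# Added example: hosts-file coverage check plus DNS-log detection (sample data constructed).
POOL_SUFFIX = "nanopool.org"  # parent domain of the pool host named in the report
SINK_ADDRS = {"0.0.0.0", "127.0.0.1"}

HOSTS_TEXT = """\
0.0.0.0 xmr-eu1.nanopool.org   # entry from the thread
0.0.0.0 nanopool.org           # entry from the thread
"""

# Constructed resolver log: "<timestamp> <client> <queried name>"
DNS_LOG = """\
2018-10-12T09:14:02Z 10.0.0.23 download.example.com
2018-10-12T09:14:09Z 10.0.0.23 xmr-eu1.nanopool.org
2018-10-12T09:15:40Z 10.0.0.41 other-pool-host.nanopool.org.
2018-10-12T09:16:11Z 10.0.0.41 notnanopool.org
"""


def sinkholed_names(hosts_text):
    """Return the set of hostnames a hosts file maps to a sink address."""
    names = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) >= 2 and fields[0] in SINK_ADDRS:
            names.update(n.lower().rstrip(".") for n in fields[1:])
    return names


def under_domain(name, suffix):
    """True for the domain itself or any subdomain; label-aligned match."""
    name = name.lower().rstrip(".")
    return name == suffix or name.endswith("." + suffix)


def pool_lookups(dns_log, hosts_text, suffix=POOL_SUFFIX):
    """List (client, name, blocked_by_hosts) for each pool-domain query."""
    blocked = sinkholed_names(hosts_text)
    hits = []
    for line in dns_log.splitlines():
        parts = line.split()
        if len(parts) == 3 and under_domain(parts[2], suffix):
            name = parts[2].lower().rstrip(".")
            hits.append((parts[1], name, name in blocked))
    return hits


if __name__ == "__main__":
    for client, name, blocked in pool_lookups(DNS_LOG, HOSTS_TEXT):
        print(f"{client} queried {name} (hosts entry present: {blocked})")
```

A hit with `False` in the last field is a pool-domain lookup that the two hosts entries do not cover, which is the case worth alerting on from resolver logs.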
Wasn't Flash supposed to be gone in, like, 2005?
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
See subject: Via APK Hosts File Engine 2.0++ 64-bit for Linux/BSD h t t p : / / a p k . i t - m a t e . c o . u k / A P K H o s t s F i l e E n g i n e F o r L i n u x . z i p
Yields more security/speed/reliability/anonymity vs. any 1 solution (99% of threats use hostnames vs. IP address most firewalls use) more efficiently/FASTER + NATIVELY 4 less!
Vs. "Bolt on 'MoAr' illogic-logic" slowing you hosts speed u up 2 ways: Adblocks + Hardcode fav. sites u spend most time @ vs. competition loaded w/ security bugs (DNS/AntiVir) + overheads slowing u (messagepass 'souled-out' to advertisers easily detected & blocked addons + firewall filtering drivers) & their complexity leads to exploitation!
* ONLY 1 of its kind in GUI 4 Linux/BSD!
(Better vs. Windows model in speed/efficiency/merge)
APK
P.S.=> Protects vs. script trackers/ads/DNS request tracking + redirect poisoned or downed DNS/botnets/malware downloads/malcript/email malicious payloads... apk
"classic Windows hosts trick to block the Coinhive or Crypto-Loot domains" - https://www.bleepingcomputer.com/news/security/a-new-player-joins-coinhive-on-the-browser-cryptojacking-scene/ - BLEEPING COMPUTER
ZD NET http://www.zdnet.com/article/how-to-use-a-hosts-file-to-improve-your-internet-experience/ "Hosts files really shine by letting you block ads, spyware sites, malware sites, & tracking sites"
SANS ("A related approach to the DNS issue is to create a hosts file on each system that sends requests for spyware to some place else" hosts by myself & RAMU right @ START of "malware explosion" mid 2005 on) https://isc.sans.edu/forums/di...
Aryeh Goretsky/ESET/NOD32: hosts = good security http://it.slashdot.org/comments.pl?sid=7442373&cid=49747129/
Oliver Day (SYMANTEC/SECURITYFOCUS) http://www.securityfocus.com/columnists/491/
Spybot S&D uses hosts.
APK
P.S.=> Malwarebytes' hpHosts hosts & RECOMMENDS my program http://forum.hosts-file.net/vi...
Your software is just fine - well written, functional... I'm going to continue using the Host File Engine by mmell February 17, 2017
Your premise that hostfiles are a good way to deal with advertising and malvertising is quite valid - by JazzLad April 20, 2016
his hosts program is actually pretty good by xenotransplant August 10 2015
his hosts tool is actually useful for those cases in which one does indeed want to locally block stuff outright while consuming minimum system resources by alexgieg September 25 2015
I like your host file system by Karmashock September 09 2015
that APK guy, I use his host file by rogoshen1 Tuesday March 03, 2015
I personally use a HOSTS file blocker produced from a genius called APK by 110010001000 October 27 2017
* For the Win32/64 model...
APK
P.S.=> Linux model's faster/more efficient/better MERGE feature too - More coming... apk
Apk has the answer for that - really... kill automatic updates by adding a hosts file entry setting updates.steam.com or whatever to 127.0.0.1. You have to find the right hostname for each software you want to block updates on by raymorris (2726007) on Friday July 06, 2018
APK your posts on this and the hosts file posts, and more, have never been in error and/or bad advice by BlueStrat (756137) on Wednesday June 21, 2017
I support APK's stand on the hosts file and can't see why it's not used more than it is. My hosts file is 144247 lines long (4,332 Kb) it & a firewall serves me very well - by Trax3001BBS (2368736)
ABP is insufficient as a solid hosts file does everything APK reminds us about fast turtle September 17 2013
You need APK's hosts file - by Teun (17872) on Wednesday August 06, 2014
* For the Win32/64 model...
APK
P.S.=> Linux model's faster/more efficient + BETTER merge feature - More coming... apk
Actually, APK is totally right on this count. Adblock Plus on Firefox mobile is a dog on older, or lower end, phones. A hostfile based adblocker makes for a much better experience in this context. Of course, your phone has to be rooted, which isn't the case with Firefox + adblock." - by chihowa on Saturday May 16, 2015
APK solution STILL relevant Thud457 June 11 2015
In a footnote, I would like to note that I find your hosts file admirable - by vel-ex-tech (4337079) on Tuesday November 24, 2015
APK's monolithic hosts file is looking pretty good at the moment - by Culture20 on Thursday November 17
you're right about hosts files - by drinkypoo (153816) on Thursday May 26
APK, I know people give you a lot of shit regarding hosts, but please don't ever stop - by nasredin (958927) on Friday June 12, 2015 @03:34PM
* For the Win32/64 model...
APK
P.S.=> Linux model's faster/more efficient + BETTER merge feature - More coming... apk
APK is kinda right... I've given up on JS based adblocking and gone to blackholing in /etc/hosts, just like it was back in the 90s. The computational load has gotten intolerable for any ad-blocking using JS. I've tried his hosts file generating software. It works. - by bmo (77928) on Thursday October 15, 2015
get around to 'installing' a hosts file list, not sure which one, likely the one from someonewhocares.org. If it works as well as what I used for a while about ten years ago, I'll be happy. And grateful to APK for the lesson and the reminder. - by kermidge (2221646) on Wednesday March 27
I actually went and downloaded a 16k line hosts file and started using that after seeing that post, you know just for trying it out. some sites load up faster. - by gl4ss (559668) on Thursday November 17
dammit MS, you proved APK right about something by lgw
* For the Win32/64 model...
APK
P.S.=> Linux model's faster/more efficient + BETTER merge feature - More coming... apk
(APK) is still right a hosts file really does work. It even blocked some of the video ads that were inserted into a stream OrangeTide February 10 2016
the Host File Engine performs exactly as promised - by mmell (832646) on Thursday February 16, 2017
I do use APK's host file on all my systems at home by OrangeTide December 01 2017
I've never tried to belittle (APK's work), I've flat out said it's good - by BronsCon (927697) on Thursday February 11, 2016 @06:48PM (#51491263)
* For the Win32/64 model...
APK
P.S.=> Linux model's faster/more efficient + BETTER merge feature - More coming... apk
I say the following as a caring human being who agrees with how useful HOSTS files are: Your zeal is to be respected - by dave420 (699308) on Monday September 08, 2014
But I love APK! The power of the hostfile compels you! by ratboy666 (104074) on Friday January 29, 2016
APK was right all along! C:\WINDOWS\HOSTS is the solution ;) - by sabri (584428) on Friday October 21, 2016
No complaints from me, I like APK's spam. Reminds me to use a host file. Also, his stuff is free. - by aaaaaaargh! (1150173) on Tuesday November 17, 2015
I'm a fan of apk. Yes he trolls, but he only trolls where it's contextually appropriate. I respect that - by Noah Haders (3621429) on Wednesday July 29, 2015
(Toss on 100,000++ users worldwide too...)
* For the Win32/64 model...
APK
P.S.=> Linux model's faster/more efficient + BETTER merge feature - More coming... apk
Did they at least set the priority to the lowest setting possible? Otherwise the user will notice and they or someone else will go looking for what's sucking up all the CPU. If they set the priority to the lowest possible or set the miner to use no more than 30% CPU, or maybe just half of the cores at 100%, it will allow them to fly under the radar longer.
I mean ... really!
"begin to use almost 100% of the computer's CPU"
How is this different than just installing Flash?
Do you have ESP?