Slashdot Mirror


CoinMiners Use New Tricks To Impersonate Adobe Flash Installers (bleepingcomputer.com)

An anonymous reader quotes a report from Bleeping Computer: Cryptocurrency miners are now being distributed by a new campaign pretending to be Adobe Flash Player installers. While this is not new, this particular campaign is going the extra mile to appear legitimate by not only installing a miner, but also updating Flash Player as well. In a new malware campaign discovered by Palo Alto Unit 42 researcher Brad Duncan, it was found that a fake Flash Player Trojan not only installed an XMRig miner, but it also automatically updated his installed Flash Player. This real Flash installer was downloaded by the Trojan from Adobe's site.

By actually performing an upgrade of the desired program, it makes the user less suspicious and adds further legitimacy that the Trojan was a real Adobe installer for Adobe Flash Player. While Flash Player is now updated, what the victim does not know is that a coinminer was silently installed on the computer and started. Once started, this sample would connect to a mining pool at xmr-eu1.nanopool.org and begin to use almost 100% of the computer's CPU in order to mine the Monero digital cryptocurrency.

18 of 47 comments

  1. Desperation by r1348 · · Score: 4, Funny

    You know you're desperate when you disguise yourself as Flash.

    1. Re:Desperation by r1348 · · Score: 1

      If you think that Flash has a better reputation than your software, what you're doing is not a tradeoff, it's a race to the bottom.

  2. What is the bigger piece of malware by DarkRookie2 · · Score: 2

    Would it be the miner
    ...Or it could be the Flash Player.

    --
    http://progressquest.com/spoltog.php?name=Son+Of+Son+Of+DarkRookie
    1. Re:What is the bigger piece of malware by nnet · · Score: 1
      Yes.

      GENERATION 2711

    2. Re:What is the bigger piece of malware by roc97007 · · Score: 1

      > #`%${%&`+'${`%&NO CARRIER

      Wow, that's old school. But then again, so is Flash.

      --
      Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
  3. Too funny. by cshark · · Score: 2

    I dare say, that's the nicest thing I've ever heard about a piece of malware doing in the wild.

    --

    This signature has Super Cow Powers

    1. Re:Too funny. by CanadianMacFan · · Score: 2

      A nicer thing would have been to install the miner, say the computer was no longer able to run Flash and uninstall Flash for them.

    2. Re:Too funny. by bloodhawk · · Score: 1

      There is nothing nice about something that installs flash on your machine.

  4. IDK, probably tired.. by Knightman · · Score: 1

    ..but I read 'Coal Miners Use New Tricks To Impersonate Adobe Flash Installers' and couldn't understand why there would be a need for someone to be a dedicated Adobe Flash installer and why a coal miner would have the need to impersonate said person since there are probably more opportunities in the coal mining business...

    --
    --- Reality doesn't care about your opinions, it happens anyway and if you are in the way you'll get squished.
  5. Adobe Flash plugin update... by HouseOfMisterE · · Score: 2

    I've had two computers offer to update Adobe Flash over the past couple of weeks. Both had Firefox installed and I assumed that I had the Flash plugin installed and it needed updating (and maybe it did). I don't use Firefox on those computers anymore, so instead I uninstalled the Flash plugin and Firefox. Problem solved / catastrophe averted.

  6. Adobe Flash is still a thing? by roc97007 · · Score: 1

    Wasn't Flash supposed to be gone in, like, 2005?

    --
    Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
    1. Re:Adobe Flash is still a thing? by roc97007 · · Score: 1

      ...but then we heard all about how html 5 was supposed to replace flash.

      --
      Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
  7. Is this news? by Darth Technoid · · Score: 1

    I mean ... really!

  8. How do they know? by Trailer Trash · · Score: 3, Funny

    "begin to use almost 100% of the computer's CPU"

    How is this different than just installing Flash?

    1. Re:How do they know? by thegarbz · · Score: 1

      > How is this different than just installing Flash?

      Cryptomining is useful.

    2. Re:How do they know? by timholman · · Score: 1

      > "begin to use almost 100% of the computer's CPU"
      >
      > How is this different than just installing Flash?

      That's what's so brilliant about it.

      No one can tell the difference.

      Next up: mining malware that installs a legitimate copy of McAfee antivirus on your computer.

    3. Re:How do they know? by Trailer Trash · · Score: 1

      > > How is this different than just installing Flash?
      >
      > Cryptomining is useful.

      For the win!

    4. Re:How do they know? by Comrade Ogilvy · · Score: 1

      > Next up: mining malware that installs a legitimate copy of McAfee antivirus on your computer.

      That is funny but it is only barely a joke. I remember reading several years ago about a virus that was found to have its own anti-virus functionality -- presumably to improve/protect the performance of the infected machine so that its owner was less likely to have it wiped or tossed in the trash.