Spoof Adobe Flash updaters are inserting cryptocurrency mining malware

By Arif Bacchus October 12, 2018

Image used with permission by copyright holder

Cryptocurrency mining malware could be hiding in your Adobe Flash Update, according to new research from cybersecurity firm Palo Alto Networks. Although not a new hacking tactic, the latest analysis shows a significant spike in Adobe Flash updaters which can go on and hide in the background and do damage to Windows systems.

Per the research in the study, there were a total of 113 fake updaters discovered on the web, none of which are hosted on official Adobe servers. A spike in these URLs appeared as early as June 2018, and then again in September 2018. The research doesn’t make it clear how one can arrive at these, but it shows that spoof URLs are the likely root cause.

Recommended Videos

In a test of one of these URLs on August 24, Palo Alto Networks revealed that the bogus Adobe updaters go on to legitimately update Flash Player and throw an unsuspecting user to an official Adobe website on completion. Unfortunately, it also ends up embedding an “XMRig” mining bot in the process. That bot then runs in the background, making a CPU go 100-percent full force, mining “Monero” cryptocurrencies for hackers. There’s no warning, and the only way to tell where connections were going was by analyzing the networking traffic.

“This campaign uses legitimate activity to hide distribution of cryptocurrency miners and other unwanted programs. Organizations with decent web filtering and educated users have a much lower risk of infection by these fake updates,” explains Palo Alto Networks.

Cryptocurrency malware is not a new phenomenon and has sometimes proven tough to remove from infected systems. Back in May, one strain of this type of malware crashed the PCs of those who manually tried to kill off the mining process from the task manager.

Adobe is actually ending support for Flash Player in 2020 and wants content creators and consumers to move to the much more secure HTML 5 platform. The firm cited browser plugins in that decision, noting that these can disrupt secure environments, cause browser instability issues, and open up browsers to hacking. Flash is mainly obsolete anyway, and many browsers are already blocking the plugin from starting automatically. It’s all one step toward a safer internet for us all.

Topics

Former Digital Trends Contributor

Arif Bacchus is a native New Yorker and a fan of all things technology. Arif works as a freelance writer at Digital Trends…

Music

Spotify vs. Pandora: which streaming service should you choose?

spotify vs pandora on iphone

Let's settle a musical debate: which music streaming platform should you use: Spotify or Pandora?

Both services have their unique strengths and weaknesses. Spotify boasts a more extensive music catalog, robust social features for sharing and discovering music with friends, and a more polished user experience across devices.

Computing

Ryzen AI nearly hits 60 fps in Black Myth: Wukong, but it’s not that simple

OneXFly F1 Pro gamig handheld.

Although AMD APUs appear in some of the best gaming handhelds, the latest Strix Point chips are still hard to find in new releases. However, the new OneXFly F1 Pro gamin handheld is making its debut with the Ryzen AI HX 370 chip in tow, and according to a benchmark in Black Myth: Wukong, it managed to average an impressive 58 frames per second (fps) at a 15-watt thermal design power (TDP). That's an impressive result, but digging deeper reveals that AAA gaming on the go is still not without any sacrifice.

The OneXFly F1 Pro comes with the Ryzen AI HX 370, which sports a total of 12 cores -- four Zen 5 and eight Zen 5c -- as well as 24 threads. The maximum boost clock on the Zen 5 cores reaches 5.1GHz, but the smaller Zen 5c maxes out at 3.3GHz. The default TDP was rated at 28 watts, but it can be configured between 15W and 54W. For an APU, the AI HX 370 delivers solid graphics capabilities, as it's equipped with the AMD Radeon 890M. It also sports a 7-inch OLED screen with a refresh rate of 144Hz.

Computing

Best Buy laptop deals: Cheap laptops starting at $200

Apple M1 MacBook Air open on a desk with plants in the background.

Best Buy is one of the best retailers to shop if you're looking for some of today’s best laptop deals. Whether you need something high end or more entry-level, Best Buy likely has a laptop that’s perfectly priced for you The Best Buy laptop deals going on right now include Dell laptop deals, HP laptop deals, Lenovo laptop deals, and even MacBook deals. With so much to choose from we thought we’d narrow down all of the Best Buy deals worth taking a look at. Reading onward you’ll find all the details you need in order to save on a new laptop at Best Buy, and if you aren’t finding what you’re looking for you can find some laptop deals among the current Amazon deals and Walmart deals as well.
HP 14-inch laptop — $200 $250 20% off

The HP 14-inch laptop is a sleek and fun computing device. It's a great option for anyone searching the best laptops for high school students or the best laptops for college. It has an Intel Pentium processor and 4GB of system RAM that combine to push through homework assignments, work presentations, and hours upon hours of binge watching. The 14-inch screen sports HD resolution and makes this HP laptop a great way to enjoy movies, photos, and other digital content. The HP 14-inch laptop is able to reach up to 14 hours of battery life on a single charge, making it a great all-day option for people who like to do their work on the go.