Warning: Fake Flash Update could be using your computer for mining

A cryptojacking malware that mimics Adobe Flash has been revealed.

According to a report published by Unit 42 research group, the malware hides behind a fake Adobe update.

As explored with regards to Monero, Cryptojacking is the method an attacker will use to hack into a computer to illicitly mine cryptocurrency s on the owner’s computing system. This happens without the owner’s consent.

Brad Duncan of Unit 42 explained:

“[A] recent type of fake Flash update has implemented additional deception. As early as August 2018, some samples impersonating Flash updates have borrowed pop-up notifications from the official Adobe installer. These fake Flash updates install unwanted programs like an XMRig cryptocurrency miner, but this malware can also update a victim’s Flash Player to the latest version.”

The research team at Unit 42 discovered that there has been an immense spike in file names and URLs for fake Flash updates between 25th of March through to 10th of September of this year.

Monero attacks

Cryptojacking has been a major problem for networks and companies who have been impacted, such as the MikroTik network which saw more than 200,000 routers affected.

As explained, Monero is often the targeted cryptocurrency in cryptojacking incidents. This is possibly because it links back to Coinhive which selected Monero for its JavaScript mining software because its proof-of-work consensus algorithm, CryptoNight, was designed to run well on consumer CPUs.

Algorithms that are resistant to specialised mining hardware known as ASICs may be designed to run on graphics hardware. However, it is reasonable to assume that fewer computers on the Internet will have great graphics cards than solid CPUs. Therefore, for a web-based miner Monero makes more sense.

By the same argument, Monero would also make more sense for cryptojackers who want to extract the maximum potential from the computers they use to mine on their behalf.