A new wave of malware attacks targeting Adobe Flash users has emerged. While Adobe Flash is often a prime target for hackers this latest attack has a twist.
It’s disguised as an update to Adobe Flash Player and it actually does update the Flash player. But it also sneakily installs Monero crypto mining code onto the Windows computers of unsuspecting victims.
- A user is less likely to suspect that an Adobe Flash update if bogus if their installation of Adobe Flash really is brought up-to-date.
- However there are no clues that the installer is not the one approved by Adobe.
A clear warning sign is that the duplicitous installer has not been digitally signed by Adobe. As result it causes Windows to pop up a warning that the user is about to run code from an unknown publisher.
- The phrase ‘Unknown’ in reference to the publisher should alert users that all is not what it seems to be.
- If it was a bona fide installation, next to ‘Publisher:’ would be ‘Adobe’.
That said this cunning trick is likely to slip by a lot of people who will click on ‘Yes’ to install the update without thinking about it.
This is almost a reflex action given that we’re so used to clicking ‘Yes’ when installing software.
- The cryptomining malware is known as XMRig
- Once installed it generates network traffic via a TCP port
- When the malware code is installed a computer can become sluggish though it may be difficult for many users to spot this.
- The malware mines Monero, a digital currency that has been widely adopted by cybercriminals.
- An estimated $250,000 worth of Monero is believed to be mined through illegitimate means every month.
- Consequently cyber criminals will continue to develop ever more ‘creative’ approaches to disguise their mining malware.
What to do?
- Make sure you are running up-to-date anti-virus software.
- Be aware of and don’t ignore security prompts that warn software is from an unknown publisher.
- Only update Adobe from the legitimate Adobe website.
- If you’re running BullGuard protection you don’t need to worry because it checks digital signatures and immediately alerts you if a ‘signature’ is not legitimate.
Attacks on Adobe
That said it pays to keep abreast of emerging new threats and as already mentioned Adobe Flash is a popular target for hackers. Cyber criminals have been exploiting weaknesses in the software platform for years.
These attacks are so prevalent that many people question whether Adobe Flash has had its day and whether it should be withdrawn.
- This particular malware actually makes use of genuine pop-up notifications from the official Adobe installer to update their victim’s Flash Player installation.
- Adobe Flash is common and is used for animations, desktop applications, mobile applications, mobile games and embedded web browser video players.
However, if you don’t use it or need it but its running on your computer you might want to consider uninstalling it.