Cybersecurity firm Palo Alto Networks has discovered a fake Flash updater that not only does what it advertises but also installs a cryptocurrency mining bot called XMRig. Once the update is done, the bot is used to mine Monero, all of which is sent to a single wallet.
The bogus Flash updater has supposedly been around since early August. It also seems to have proliferated, with 113 instances of files with the “AdobeFlashPlayer” prefix hosted on non-Adobe servers.
Researchers at Palo Alto Networks tested the file, obtained via a spoof URL. There was initially nothing to suspect, as the Flash updater ran as expected. But soon after, web traffic showed that the Monero-mining bot had already started working.
This is just another entry in the long list of cryptocurrency mining malware, much of which is disguised as legitimate software. But for what it’s worth, this one can be avoided as long as you make sure you’re downloading Adobe updates from the right servers.
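A detection check built on the indicator described above: files with the “AdobeFlashPlayer” prefix served from non-Adobe hosts. This is an added example, not code from Palo Alto Networks; the log format, the sample lines and the Adobe domain allowlist (`adobe.com`, `macromedia.com`) are assumptions.

```python
import posixpath
from urllib.parse import unquote, urlsplit

# Assumption: domains treated as Adobe-owned; adjust to your own allowlist.
ADOBE_DOMAINS = ("adobe.com", "macromedia.com")
PREFIX = "adobeflashplayer"  # filename prefix named in the article

def is_adobe_host(host):
    """True only for an allowlisted domain or a real subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in ADOBE_DOMAINS)

def suspicious_flash_download(url):
    """Flag an AdobeFlashPlayer* file served from a non-Adobe host."""
    parts = urlsplit(url)
    # Decode %xx escapes so an encoded filename cannot dodge the prefix check.
    filename = posixpath.basename(unquote(parts.path)).lower()
    return filename.startswith(PREFIX) and not is_adobe_host(parts.hostname or "")

def scan(log_lines):
    """Return (client, url) pairs for flagged requests.
    Hypothetical log format: '<timestamp> <client-ip> <url>'."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) >= 3 and suspicious_flash_download(fields[2]):
            hits.append((fields[1], fields[2]))
    return hits

# Constructed sample lines (not real traffic or real indicators).
SAMPLE_LOG = [
    "2000-01-01T09:00:01Z 10.0.0.5 https://download.adobe.com/sample/AdobeFlashPlayer_setup.exe",
    "2000-01-01T09:02:10Z 10.0.0.7 http://updates.example.net/AdobeFlashPlayer_update.exe",
    "2000-01-01T09:03:44Z 10.0.0.8 http://adobe.com.cdn.example.org/dl/AdobeFlashPlayer.exe",
    "2000-01-01T09:05:12Z 10.0.0.9 http://files.example.net/%41dobeFlashPlayer_x64.exe",
    "2000-01-01T09:06:30Z 10.0.0.9 http://files.example.net/report.pdf",
]

if __name__ == "__main__":
    for client, url in scan(SAMPLE_LOG):
        print(f"ALERT {client} fetched {url}")
```

The suffix match requires a leading dot, so a lookalike host that merely contains or ends with the string `adobe.com` is still flagged.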
(Source: Palo Alto Networks)