Researchers have identified cryptojacking malware that conceals itself behind a fake Adobe Flash update. The finding has been revealed in a cyber threat report published by Unit 42 research group on Oct. 11.
According to new research released by Unit 42, Palo Alto Networks' threat intelligence team, the malware strain surreptitiously compels computers to mine Monero (XMR) by installing an “XMRig cryptocurrency miner.”
The new malware is said to be particularly harmful, as the developers have copied the pop-up notification from an official Adobe installer. Moreover, the download really does update targets' computers with the latest version of Flash, further adding to its seeming legitimacy.
Unit 42 analyst Brad Duncan has stated that:
“In most cases, fake Flash updates pushing malware are not very stealthy… [but in this instance, b]ecause of the latest Flash update, a potential victim may not notice anything out of the ordinary."
Unit 42 reportedly uncovered the strain while searching for “popular” fake Flash updates using AutoFocus, a Palo Alto Networks intelligence tool:
“77.. malware samples are identified with a CoinMiner tag in AutoFocus.The remaining 36 samples share other tags with those 77 CoinMiner-related executables.”
Just yesterday, Iran’s cybersecurity authority issued a report that claimed that the highest number of recorded incidents of Coinhive infection have taken place in Brazil; India came in second, followed by Indonesia.
As reported in September, cryptojacking malware reports are said to have surged almost 500 percent in 2018. According to estimations in June, around 5 percent of the total circulating Monero supply was mined using malware.