There are scores of ways that hackers use to insert malicious scripts in your computer for their personal gains — be it data, ransomware attack or the more popular way of making money these days — cryptomining.
In one of the recent attacks found, hackers are using a fake Flash update to push malware that cryptojacks your computer.
This Flash update, which masquerades as the real one, with borrowed pop-up notifications from the official Adobe installer has been around since August 2018, according to researchers at Palo Alto Networks.
The malware ridden update looks legitimate as it not only installs its own malicious script that starts using your PC’s computing power to start mining cryptocurrency but also updates to the latest version of Flash.
“Fake Flash updates pushing malware are not very stealthy. In recent years, such imposters have often been poorly-disguised malware executables or script-based downloaders designed to install cryptocurrency miners. If a victim runs such poorly-disguised malware on a vulnerable Windows host, no visible activity happens, unless the fake updater is pushing ransomware,” Brad Duncan, researcher at Unit 42, Palo Alto Networks stated.
The fake Flash update installs an unwanted program like a XMRig cryptocurrency miner to the victim’s computer.
And since it also updates the Flash players, if you’re hit you might not even notice, that is, until your computer starts slowing down immensely as mining cryptocurrency requires significant computing power.
“A recent type of fake Flash update has implemented additional deception. Because of the legitimate Flash update, a potential victim may not notice anything out of the ordinary. Meanwhile, an XMRig cryptocurrency miner or other unwanted program is quietly running in the background of the victim’s Windows computer.”
The researcher run the test on the fake Flash updater and found out that following installation of the update, it even asks you about your Flash update preferences and then redirects you to a page from Adobe thanking you for installing the Flash player.
“This campaign uses legitimate activity to hide distribution of cryptocurrency miners and other unwanted programs. Organizations with decent web filtering and educated users have a much lower risk of infection by these fake updates,” the researcher concluded. You can check out their detailed research here.
What can you do to stay safe?
- Always update your computer with the latest update provided by the operating system provider as they also contain security updates that patch any previously found vulnerability.
- Install an anti-virus from a reputed source that offers real-time protection for your PC, especially when you’re surfing the web.
- Ignore pop-ups and download buttons that appear on websites — specifically software downloading websites. Those mostly contain malware.
- Always download software from a legitimate source. In this case, if you’re looking for the update, go directly to the Adobe website and download it from there.