A cryptocurrency-mining malware campaign is disguising itself as an Adobe Flash Player installer in order to spread. The tactic itself is not new, but this variant installs the mining application while actually updating Flash Player. Fake Flash Player installers that carry miners have been seen before; in the past, however, they usually only installed the mining application and then quit, or opened the browser to the Adobe Flash Player website.
The latest malware, discovered by Palo Alto Unit 42 researcher Brad Duncan, not only installs the XMRig mining application but also automatically updates Flash Player. As a result, nothing during the installation arouses the user's suspicion, which further hides the malware's true intent.
Duncan said: “a recent type of fake Flash update has implemented additional deception. As early as August 2018, some samples impersonating Flash updates have borrowed pop-up notifications from the official Adobe installer. These fake Flash updates install unwanted programs like an XMRig cryptocurrency miner, but this malware can also update a victim’s Flash Player to the latest version.” The user believes that a regular Flash upgrade has taken place, while the coinminer has been installed along with it. Once the device is infected, it connects to the mining pool at xmr-eu1.nanopool.org and starts using 100% of the CPU's computing power to mine the Monero digital currency.
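The two behaviours described above, a lookup of the mining pool followed by a pegged CPU, can be correlated for triage. This is an added example, not code from Unit 42 or the original article; the log formats, host names, thresholds and function names are assumptions made for illustration.

```python
POOL_DOMAIN = "nanopool.org"  # parent of xmr-eu1.nanopool.org, the pool named in the article
CPU_PEGGED = 95.0             # assumption: percent treated as "pegged"
MIN_RUN = 3                   # assumption: consecutive pegged samples required

# Constructed telemetry in a hypothetical "timestamp host ..." format (not real logs).
DNS_LOG = """\
2018-01-01T09:00:01Z host-a A updates.example.com
2018-01-01T09:02:10Z host-a A XMR-EU1.nanopool.org.
2018-01-01T09:03:00Z host-b A nanopool.org.example.net
2018-01-01T09:04:00Z host-c A xmr-eu1.nanopool.org
"""
CPU_LOG = """\
2018-01-01T09:03:00Z host-a 99.5
2018-01-01T09:04:00Z host-a 100.0
2018-01-01T09:05:00Z host-a 99.9
2018-01-01T09:05:00Z host-c 100.0
2018-01-01T09:06:00Z host-c 12.0
2018-01-01T09:07:00Z host-c 100.0
"""

def is_pool_name(qname):
    """True for the pool domain or any subdomain; case and trailing dot ignored."""
    name = qname.lower().rstrip(".")
    return name == POOL_DOMAIN or name.endswith("." + POOL_DOMAIN)

def first_pool_query(dns_log):
    """Map host -> timestamp of its first query for a pool name."""
    seen = {}
    for line in dns_log.splitlines():
        ts, host, _rtype, qname = line.split()
        if is_pool_name(qname):
            seen.setdefault(host, ts)
    return seen

def pegged_since(cpu_log):
    """Map host -> start of its first run of MIN_RUN consecutive pegged samples."""
    run, found = {}, {}
    for line in cpu_log.splitlines():  # assumes samples are in time order per host
        ts, host, pct = line.split()
        run[host] = (run.get(host, []) + [ts]) if float(pct) >= CPU_PEGGED else []
        if len(run[host]) == MIN_RUN:
            found.setdefault(host, run[host][0])
    return found

def triage(dns_log, cpu_log):
    """Pool query alone -> 'review'; pool query then sustained load -> 'likely-miner'."""
    cpu = pegged_since(cpu_log)
    return {h: "likely-miner" if cpu.get(h, "") >= ts else "review"
            for h, ts in first_pool_query(dns_log).items()}
```

The suffix match anchors on a label boundary, so a lookalike such as `nanopool.org.example.net` is not flagged, and a single CPU spike without a sustained run leaves the host at `review` rather than escalating it.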