Spoof Adobe Flash updaters are inserting cryptocurrency mining malware

insecure cryptojacking is set to become the new malware epidemic cryptocurrency unsplash1

Cryptocurrency mining malware could be hiding in your Adobe Flash Update, according to new research from cybersecurity firm Palo Alto Networks. Although not a new hacking tactic, the latest analysis shows a significant spike in Adobe Flash updaters which can go on and hide in the background and do damage to Windows systems.

Per the research in the study, there were a total of 113 fake updaters discovered on the web, none of which are hosted on official Adobe servers. A spike in these URLs appeared as early as June 2018, and then again in September 2018. The research doesn’t make it clear how one can arrive at these, but it shows that spoof URLs are the likely root cause.

In a test of one of these URLs on August 24, Palo Alto Networks revealed that the bogus Adobe updaters go on to legitimately update Flash Player and throw an unsuspecting user to an official Adobe website on completion. Unfortunately, it also ends up embedding an “XMRig” mining bot in the process. That bot then runs in the background, making a CPU go 100-percent full force, mining “Monero” cryptocurrencies for hackers. There’s no warning, and the only way to tell where connections were going was by analyzing the networking traffic.

“This campaign uses legitimate activity to hide distribution of cryptocurrency miners and other unwanted programs. Organizations with decent web filtering and educated users have a much lower risk of infection by these fake updates,” explains Palo Alto Networks.

Cryptocurrency malware is not a new phenomenon and has sometimes proven tough to remove from infected systems. Back in May, one strain of this type of malware crashed the PCs of those who manually tried to kill off the mining process from the task manager.

Adobe is actually ending support for Flash Player in 2020 and wants content creators and consumers to move to the much more secure HTML 5 platform. The firm cited browser plugins in that decision, noting that these can disrupt secure environments, cause browser instability issues, and open up browsers to hacking. Flash is mainly obsolete anyway, and many browsers are already blocking the plugin from starting automatically. It’s all one step toward a safer internet for us all.

Computing

Don’t install the Windows 10 cumulative update if you have an HP computer

The most recent cumulative update for the Windows 10 October 2018 Update is causing the blue screen of death on some HP devices. Only a small subset of people appear to be impacted. 
Gaming

One game console is better than the rest, and we're not afraid to say it

We've seen a relatively large influx of new consoles in the last year, including the Nintendo Switch and Xbox One X, so we've updated our recommendations for the best dedicated game hardware.
Mobile

Here’s everything Google announced at its October 9 event

Google's October 2018 hardware event is over, and though it was short, it left us with an awful lot to talk about. But if you didn't catch the livestream or the updates, it's easy to catch up on the reveals.
Cars

‘Navigate on Autopilot’ is conspicuously absent from Tesla software Version 9.0

Tesla began a wide rollout of software update version 9.0 with a number of enhanced features, but without Navigate on Autopilot. New features include mobile apps, a dash cam, obstacle-aware acceleration, and enhanced 360-degree views.
Computing

Here's how to download a YouTube video to watch offline later

Learning how to download YouTube videos is easier than you might think. There are plenty of great tools you can use, both online and offline. These are our favorites and a step by step guide on how to use them.
Computing

How to recover Google contacts

If you accidentally deleted an important person from your Google Contacts, they might not be lost forever. Recovering them is a fairly easy process -- as long as you do it quickly. Here's how.
Product Review

The ThinkPad X1 Extreme is a love letter to PC geeks

Lenovo’s ThinkPad line-up is targeted at business use, but it’s long appealed to hardcore PC geeks as well. The new X1 Extreme, which combines a powerful processor and high-resolution screen with Nvidia graphics, seems built for them…
Computing

Afraid that Bitcoin could be a bubble? Here's how to sell what you've got

If you're investing in cryptocurrencies, it's important to have your exit strategy in place if prices start to crash. If you've decided it's time to get out or just want to learn how to sell Bitcoins, here's how to get started.
Mobile

Got gadgets galore? Keep them charged up with the 10 best USB-C cables

If you weren't already aware, USB-C is quickly becoming mainstream. That's why we've rounded up some of the better USB-C cables on the market, whether you're looking to charge or sync your smartphone.
Computing

How to protect your iCloud account

From Chinese hacking to identity theft, it's not surprising if you're a little worried about your iCloud data. Here's how to protect your iCloud account with a few simple security steps. It will only take a few minutes, and we'll walk you…
Computing

Tired of choosing between Windows and Mac? Check out these Chromebooks instead

We've compiled a list of the best Chromebooks -- laptops that combine great battery life, comfortable keyboards, and the performance it takes to run Google's lightweight Chrome OS. From Samsung to Acer, these are the Chromebooks that really…
Photography

Adobe's "creativity conference" begins October 15. Here's what we hope to see

Each year, Adobe uses its Adobe MAX conference to show off its latest apps, technologies, and tools to help simplify and improve the workflow of creatives the world over. Here's what you should expect from this year's conference.
Product Review

The Oculus Rift is cheaper, the Vive Pro is better. Is the original Vive still worth it?

The Oculus Rift may have brought virtual reality into the public eye, but HTC’s Vive, built in partnership with Valve, does it better. Does the Vive still represent the true future of virtual reality, or are there better competitors on…
Computing

Don't take your ISP's word for it: Here's how to test your internet speed

If you're worried that you aren't getting the most from your internet package, speed tests are a great way to find out what your real connection is capable of. Here are the best internet speed tests available today.