The cybersecurity firm Palo Alto Networks revealed in its latest blog post that it has uncovered more cryptocurrency mining malware concealed within a fake Adobe Flash Player update.
The American multinational cybersecurity company, headquartered in Santa Clara, California, said that more of these fake Flash updates are turning up in its research than ever before.
Using pop-up notifications copied from the official Adobe installer, this malware infects the user's PC when run. It may also update the system's Flash Player to the latest version, making the attack less obvious, while installing cryptocurrency mining malware such as the XMRig cryptocurrency miner. Once embedded, the malware runs in the background of the operating system, mining cryptocurrency. The user's antivirus protection may or may not identify it.
Symptoms of cryptocurrency mining malware silently mining in the background include sudden pressure on the system's resources, or a processor that seems to be running constantly. The malware may show up in the Windows Task Manager as an unusual program using large amounts of system resources.
Palo Alto Networks found Adobe cloud-based web servers that belonged to, or had been used by, hackers to distribute executables with file names beginning with the prefix "AdobeFlashPlayer". It had noticed an increase in these occurrences since March 2018, peaking in September of that year. Testing one of the identified fake updates, Palo Alto found the malware to be mining the cryptocurrency Monero, a common target for attackers because of its anonymous nature as a privacy token.
The McAfee Labs Threats Report for September 2018 found that although new iterations of all malware were less frequent in 2018 so far, total occurrences of malware are on the rise. Reports of malware have continued to increase since 2016.
Protecting Your Devices
The cybersecurity firm concluded that more knowledgeable PC users, and those running antivirus and system protection, were much less likely to be attacked. Updating the system and antivirus regularly makes it more likely that malware will be identified either before or after installation.
If a system suddenly slows down or appears to be using more resources than usual, an investigation should be carried out before ruling out a mining attack. Users should check the origin and file name of any pop-up update before running it, to ensure the installer is genuine.
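The two checks above (suspicious "AdobeFlashPlayer"-prefixed installers and unexplained CPU load) can be scripted for a quick triage. The following PowerShell is an added example, not from Palo Alto Networks or the original article; the folder list, the five-process cutoff and the "xmrig" process name are assumptions chosen for illustration.

```powershell
# Added triage example (not from the original report). Assumes Windows PowerShell 5+.

# 1. Look for downloaded installers using the "AdobeFlashPlayer" file-name prefix the
#    report describes, and check whether each carries a valid Authenticode signature.
#    A genuine Adobe installer is signed; an unsigned or tampered one is a red flag.
$folders = @("$env:USERPROFILE\Downloads", "$env:USERPROFILE\Desktop", $env:TEMP)  # assumption

Get-ChildItem -Path $folders -Filter 'AdobeFlashPlayer*.exe' -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        [PSCustomObject]@{
            File      = $_.FullName
            SizeKB    = [math]::Round($_.Length / 1KB)
            Status    = $sig.Status            # Valid, NotSigned, HashMismatch, ...
            Signer    = $sig.SignerCertificate.Subject
            Suspicious = ($sig.Status -ne 'Valid')
        }
    } | Format-Table -AutoSize

# 2. List the processes consuming the most CPU time, which is the Task Manager symptom
#    the article points to. The Path column helps spot binaries running from odd places
#    such as %TEMP% rather than Program Files.
Get-Process |
    Sort-Object CPU -Descending |
    Select-Object -First 5 Name, Id, @{n='CPUSeconds';e={[math]::Round($_.CPU)}}, Path |
    Format-Table -AutoSize

# 3. Flag a process whose name matches the miner the report identifies (XMRig).
#    The name match is an assumption; miners can be renamed, so treat it as a hint only.
$miners = Get-Process -Name 'xmrig*' -ErrorAction SilentlyContinue
if ($miners) {
    Write-Warning ("Possible miner process found: " + ($miners.Name -join ', '))
}
```

Run it from an elevated prompt so that Get-Process can read the Path of every process; an empty result from step 1 does not prove a clean machine, since the installer may already have been deleted.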
Cryptocurrency mining malware is a comparatively less harmful strain of malware that rewards hackers in cryptocurrency. More malicious malware such as ComboJack and other clipboard hijackers instead lie dormant on a user's system until they find cryptocurrency wallet addresses copied to the operating system's clipboard. The malware then replaces the user's wallet address with the hacker's when the user pastes the address into an exchange or a transfer. Unsuspecting victims may end up sending their cryptocurrency balances directly to the hackers.
Cybersecurity company Carbon Black recently warned that in just the first half of 2018, $1.1 billion has been stolen from cryptocurrency investors — including via malware attacks.
Fake Fortnite Cheat Hides Crypto Malware
In earlier news, a fake cheat for the massively popular online RPG Fortnite turned out to be malware designed to steal bitcoin wallet login details, according to Malwarebytes Labs. The malware turned up on the 2nd of October in investigations carried out by the California-based cybersecurity firm, which followed a trail from one of many dubious YouTube videos to a "little slice of data theft malware disguised as a cheat tool," it said.
The YouTube account that posted the video has over 700 subscribers, according to the report, while the video had been viewed over 2,200 times. The malware is propagated through a link posted in the video's description. Once clicked, the link takes the visitor (and potential victim) to a page asking them to subscribe to the YouTube account, after which they are allowed to download the fake tool.
Malwarebytes wrote: “As far as the malicious file in question goes, at time of writing, 1,207 downloads had taken place. That’s 1,207 downloads too many.”
The team discovered that the malware was designed to extract data from users' PCs, ranging from browser autocomplete text to Steam sessions, and ultimately send the ill-gotten information to an IP address that was tracked to the Russian Federation. The malware also looks for data linked to bitcoin wallets, with a preference for data related to the Electrum wallet. The firm warns that "Combining it with the current fever for new Fortnite content is a recipe for stolen data and a lot of cleanup required afterward."