Flash Exploited by Cryptojackers to Mine Monero, Over 100 Instances Flagged by Adobe
Adobe’s Flash Player, once a prominent feature of the last decade to enable millions around the world to play internet games, has made its way to the hackers’ arsenal as they look to leverage all forms of customer-facing software to illegally mine cryptocurrencies, reported Finance Magnates on October 12, 2018.
Old Tricks, new Rewards
Research published by the cybersecurity research firm Palo Alto Networks revealed a recent surge in the number of Flash drives “marked” malicious in the broader market, and noted more than a hundred such instances contained crypto-mining scripts to extract a victim’s PC power to mine cryptocurrencies for the malware’s developer.
Interestingly, the malicious files do install Flash on the victim”s computer, alongside the malware, as part of a ploy to avoid arousing suspicious activity. However, upon discovery, Adobe was quick to issue a patch to prevent further exploits:
#Adobe Issues Patch for Actively Exploited #FlashPlayer Zero-Day Exploit https://t.co/AZ59FSWOUD#CyberSecurity #infosec #AI #Malware #Fintech #Blockchain #Chatbots #Bigdata #datascience #Privacy #Privacymatters #hack #hacking #databreach #crypto pic.twitter.com/kagXKOWHPM
— Ratan Jyoti (@reach2ratan) June 8, 2018
After installation, the software runs an installer file for an open-source cryptocurrency miner called XMRig without the user’s permission. Immediately after installation, the malware begins to acquire processing power and graphics card capability from the computer to mine Monero (XMR).
XMR: A Hacker’s Best Friend
Flash-based malware is not a new feature of the cybercrime space. Hackers have historically deployed viruses and ransomware disguised by a Flash update, with the practice running rampant until the software’s decline at the start of this decade. The nuisance reached such high levels that even Google blocked Flash plugins to its browser without due scrutiny.
Adobe is set to retire its creation in 2020, but until then, hackers have a window to deploy XMRig and other miners to mine some XMR for themselves.
Illicit cryptocurrency mining, or cryptojacking as popularly known, continues to be a world-wide problem after its rise in 2018. The attack type displaced ransomware as the most popular form of cybercrime in 2017, and went up by 629 percent in Q1 2018, as per a McAfee report.
The most exploited cryptojacking method remains that of installing the Coinhive miner on victim computers to mine XMR for hackers. The browser-based miner has been used against Indian government websites, U.S. zoos, and entire corporations.
Meanwhile, XMR remains the currency of choice for hackers to mine, courtesy of its substantial pay-outs, low-cost to mine, and untraceability to stolen funds.