Cryptojacking involves using a computer’s processing power to mine crypto without the owner consenting or even knowing it.
The latest report from Unit 42, Palo Alto Networks' threat intelligence team, says that the malware strain makes computers mine XMR by installing an “XMRig cryptocurrency miner.”
This new malware is reportedly harmful, and its developers have copied the pop-up notification from an official Adobe installer, which is why users cannot see what's coming.
The download updates computers with the latest Flash version
More than that, the download does update computers with the newest version of Flash, and this only adds to the apparent legitimacy of the whole process.
Unit 42 analyst Brad Duncan said that “In most cases, fake Flash updates pushing malware are not very stealthy… [but in this instance, b]ecause of the latest Flash update, a potential victim may not notice anything out of the ordinary.”
It seems that Unit 42 discovered the strain while searching for popular fake Flash updates via AutoFocus, a Palo Alto Networks intelligence tool.
“77.. malware samples are identified with a CoinMiner tag in AutoFocus. The remaining 36 samples share other tags with those 77 CoinMiner-related executables.”
According to Unit 42, samples that deceptively mimic and install an actual Flash update have been in circulation as of August 2018.
Monero holders should stay alert and make sure that they are only downloading legit programs.