“While searching for these particular fake Flash updates, we noticed Windows executables file names starting with AdobeFlashPlayer__ from non-Adobe, cloud-based web servers. These downloads always contained the string flashplayer_down.php?clickid= in the URL. We found 113 examples of malware meeting these criteria since March 2018 in AutoFocus. 77 of these malware samples are identified with a CoinMiner tag in AutoFocus. The remaining 36 samples share other tags with those 77 CoinMiner-related executables.”
The number of victims arriving at these psudedo-legitimate URLs still remains unclear. While organizations with secure web filtering and educated users have a much lower risk of infection, the vast majority of users are likely to be in danger.
Suggested Reading : Learn more about Monero mining.
Cryptojacking continues to be a persistent problem, but mainstream Internet browsing platforms are beginning to fight back. Last month, Firefox announced that its upcoming release would include features to block hidden ‘tracking’ activity plus a cryptojacking blocker. Opera and Brave Browser are also taking similar measures to fight crypto malware.
Further support is beginning to come from a mysterious botnet designed to seek and destroy undetected instances of cryptojacking malware on the internet. The malware-fighting botnet was first discovered by researchers at Qihoo 360Netlab, who explain that the bot scans the web for a specific mining malware called com.ufo.miner. Once detected, the Fbot installs itself on top of the malware and self destructs, taking the malware out with it.
source: https://unhashed.com/cryptocurrency-news/hackers-pushing-cryptojacking-malware-fake-flash-updaters/
Article comments