Remember Flash Player? That handy-dandy web add-on that we all needed to play Insaniquarium in the early 2000s? Well, it’s still alive and kicking. And apparently, it’s become the new weapon of choice for crypto malware developers.
Palo Alto Networks recently published new research revealing a recent uptick in the number of malicious Flash installers that download cryptocurrency malware onto computers. More than a hundred unique malicious Flash installers have been discovered by the researchers since March.
Oddly enough, these pieces of malware do actually also install Flash.
Apparently, the fact that the malicious software actually does achieve the end result that the user is looking for is all part of the ploy to make it seem legitimate.
#Adobe Issues Patch for Actively Exploited #FlashPlayer Zero-Day Exploit https://t.co/AZ59FSWOUD#CyberSecurity #infosec #AI #Malware #Fintech #Blockchain #Chatbots #Bigdata #datascience #Privacy #Privacymatters #hack #hacking #databreach #crypto pic.twitter.com/kagXKOWHPM
World's Biggest Vessel Opens Gates for 2019 Coinsbank Blockchain CruiseGo to article >>
— Ratan Jyoti (@reach2ratan) June 8, 2018
When the software is opened, it runs a secret installer for an open-source cryptocurrency miner known as ‘XMRig.’ The malware immediately begins to absorb the computer’s processing power and graphics card capabilities to start mining Monero, which is then sent to an anonymous wallet. This practice is called ‘cryptojacking.’
Flash Has Long Been Targeted by Malware Creators
This isn’t the first time that Flash has been used as a sort of ‘sleeper cell’ by hackers. TechCrunch reported that when the software itself isn’t being used as a vehicle for malware to sneak onto a computer, trojan horse-style viruses disguise themselves as Flash updates across every corner of the internet.
TechCrunch also said that the trend “became so much of a problem that Google began sandboxing Flash (and other plugins) in Chrome almost a decade ago because Flash-based malware was so prevalent.”
Nowadays, Flash is hardly necessary for anything that most people would do with any regularity on the internet. The need for it only arises once in a while, and it’s even set to be permanently retired by Adobe in 2020. Until then, resist the urge to play those online games–your computer will thank you later.