The malware was identified and reported by Unit 42 research group. Cryptojacking is the process of utilizing a computer’s processing power to mine cryptocurrencies without the knowledge or consent of owner.
The latest research report released by Unit 42, Palo Alto Networks’ threat intelligence team indicates that the malware strain covertly compels computers to mine Monero (XMR) by deploying an “XMRig cryptocurrency miner.”
The latest malware is stated to be exceptionally adverse, as the developers have replicated the pop-up announcement from an official Adobe installer. Furthermore, the download actually does update targets’ computers with the most recent version of Flash, further adding to its appearing authenticity.
Regarding the malware, Unit 42 analyst Brad Duncan stated
“In most cases, fake Flash updates pushing malware are not very stealthy… [but in this instance, because of the latest Flash update, a potential victim may not notice anything out of the ordinary.”
Unit 42 discovered the malware code while probing for “popular” bogus Flash updates by means of AutoFocus, a Palo Alto Networks intelligence tool:
“77.. malware samples are identified with a CoinMiner tag in AutoFocus.The remaining 36 samples share other tags with those 77 CoinMiner-related executables.”
It is a known fact that coin miner functions by utilizing Coinhive – a JavaScript program built to mine Monero via a web browser. Unit 42 has stated that codes that misleadingly impersonate and deploy an authentic Flash update have been in circulation as of August 2018.
Only yesterday, Iran’s cybersecurity executives issued a statement that claimed that the maximum number of recorded incidents of Coinhive infection have happened in Brazil. India and Indonesia took the next two places.
Reports suggest that incidents of cryptojacking malware have increased by nearly 500% percent in 2018. According to June estimations, malware was responsible for mining around 5% of the total circulating Monero.