New XMRig Crypto Jacking Malware Copies Adobe Flash Updates, Experts Affirm
Researchers from Palo Alto Networks have recently reported that a new, popular cryptojacking malware is attacking users. The report was made by the company's Unit 42 team and released today, October 11.
In case you are unaware, cryptojacking is the practice of using someone else’s computer without their permission to mine cryptocurrencies. This is generally done via malware, and Coinhive-based malware is the more popular kind.
However, as Brad Duncan, a researcher from Palo Alto’s Unit 42, affirms, this one is customized to look like an innocuous Flash update. Duncan affirms that malware that mimics executables is generally easy to avoid, but this one actually looks a lot like the real thing.
The main problem is that as soon as it appears on your screen and you give it permission, this malware installs XMRig on the computer to mine Monero (XMR). However, it also sometimes updates Flash, which can lead some people to believe that they have not been infected.
This new malware has copied the pop-up notification of the official Adobe installer software, and it targets only users who have Adobe. This makes it a lot more effective than other versions.
On the site, Duncan gives detailed information about how you can detect the malware on your operating system and what measures you can take if you are infected.
Crypto Jacking On The Rise
The company has found 113 examples of this malware since March 2018. By using legitimate activity as a disguise, this malware is more effective. Even though users with decent filtering and antivirus software are better protected from the risks, they too should be careful with their Adobe updates.
Cryptojacking software is on the rise around the world, and it is up almost 500% in 2018. A recent report from the government of Iran states that the country with the highest number of computers infected with this kind of malware is Brazil, which has been hit over 81,000 times with the Coinhive malware.
India has been hit around 29,000 times and ranks second, while Indonesia has 23,000 cases (fewer than India, but a lot more when you consider the size of the population) and Iran recorded “only” 11,000 cases.
Some reports seem to affirm that almost 5% of all the Monero in circulation today was illegally mined.