Cryptomining malware discovered masquerading as Flash updates

This malware is so sneaky it updates your Flash to look legit.

Steven Musil Night Editor / News

Hackers trying to use your computer to make money are getting sneakier.

Their latest approach uses malware that pretends to be an Adobe Flash update to install cryptomining software on victims' computers, which are then forced to mine Monero, according to new research released Thursday by Unit 42, Palo Alto Networks' threat research team.

To look as legit as possible, the new malware strains have copied the pop-up notification from an official Adobe installer and actually update victims' computers with the latest version of Flash, making it appear to be a legitimate update.

It takes a lot of computing muscle and time to run the software that creates more Monero, and the growing value of cryptocurrencies like Monero, Bitcoin and Ethereum has put a premium on computing power. The malware provides cryptominers with a secretive shortcut to use a crowd of strangers' computers without their knowledge.

"In most cases, fake Flash updates pushing malware are not very stealthy," Unit 42 threat intelligence analyst Brad Duncan wrote in introducing the research. "Because of the latest Flash update, a potential victim may not notice anything out of the ordinary."

Meanwhile, he said, a cryptocurrency miner or other unwanted program is quietly running in the background of the victim's computer, posing a threat to its CPU usage and the system's responsiveness. To avoid infection, Unit 42 researchers recommend keeping your systems up to date, not opening unexpected or untrusted attachments and links, and having security countermeasures in place.

Unit 42 researchers said Thursday they have identified 113 examples of the cryptocurrency-mining malware mimicking Flash updates since March.

Unit 42 has previously estimated that 5 percent of all Monero in circulation was mined through malicious activity.
