Yes you have read it right. There is a resurgence of fake Adobe Flash installers laced with Monero cryptocurrency mining software. One thing is different this time, it actually updates Adobe Flash. Well on the downside, it loads up the cryptocurrency mining software also.
Palo Alto Networks researchers have found 113 instances of the fake updater as of this writing. During their testing using Windows 7 computers, the researchers found that upon installing the fake updater the operating system did present warnings about known software. Everything looked authentic and it would surely fool most users. Once installed, XMRig goes to work quietly generating the Monero currency in the background, but also updates the Adobe Flash software to the latest version.
It would make it like nothing is out of place and it is a legit update but the payload is being done in the background by mining Monero cryptocurrency. This is totally different with the other fake Adobe Flash which turns out to be ransomware that demands money to unlock encrypted files. The main difference is that, cryptocurrency mining software, they want you to keep it running the software on your computer as long as possible, thus with the most subtle moves they try to hide when it gets installed on your machine. They try to not make a disturbance while it gets installed to avoid you suspecting something going on with your computer.
Palo Alto Networks does not have a ballpark figure on how many have been affected by this fake Adobe Flash updater. The people who have downloaded and installed this might likely experience noticeable system performance issues, but on the flip side, Adobe Flash is up to date to the latest version.
Source: https://researchcenter.paloaltonetworks.com/2018/10/unit42-fake-flash-updaters-push-cryptocurrency-miners/
