Monero Mining Malware Detected in Flash Updates

Cryptocurrency hackers’ creativity is reaching new horizons with the latest integration of Monero-mining scripts within genuine Adobe Flash updates.

Researchers from Palo Alto Networks have the detected the XMRig Monero mining bot in the latest version of Adobe Flash.

Some users have detected high CPU usage and unstable computer behavior, but for many Flash users, the injection and Monero mining are going through without them realizing it.

The researchers have found 113 sites that host the "AdobeFlashPlayer" executable file on non-Adobe servers.

The team at Palo Alto Networks are directed into downloading and installing the injected Adobe Flash updates via Spoof URLs. The most common way a user gets to the spoof URL is via a pop-up window or by imitating an out-of-date Flash behavior.

As for the Flash update – everything seems normal, but the script shows that users connect to a Monero mining pool and the CPU is being “hijacked” to run the mining script.

Mined Monero tokens usually are directed to a single wallet, but there have been some instances in which more than 12 wallet addresses have been deployed to receive the maliciously gathered tokens.

This injection is not new, but still – very effective. Monero, with its granted anonymity, is the number one choice for such attacks.

The Monero Malware Response group is battling the growing Monero-hacking cases with particular focus on how the mining algorithm works.

At present Adobe Inc. are not giving any information about the hacking.