A phony software update is being used to turn unsuspecting victims’ computers into cryptocurrency mining machines. The news comes from cybersecurity firm Palo Alto Networks, which claims Adobe Flash updates are being used to gain access to users’ computing power.
The process is called crypto-jacking. It’s nothing new, and it’s an increasingly popular way for hackers and cyberthieves to get their hands on coveted crypto tokens without being detected.
One of the biggest examples dates back to April 2018, when Google placed a ban on all its crypto-mining Chrome extensions to prevent hackers from gaining entry to unguarded computers and using their power to extract new coins. In addition, sources suggest that crypto-jacking is up by over 8,500 percent from last year. That’s a lot of stolen power…
A recent case from abroad centers around MikroTik, a router and ISP wireless system maker based in the European nation of Latvia. The company has had a particularly negative year following the discovery of several security vulnerabilities that allowed hackers to enroll roughly 12,000 of its products in assorted crypto-jacking schemes.
The vulnerabilities were found by cybersecurity firm Malwarebytes Labs, which later explained:
“MikroTik users are urged to patch their routers as soon as possible and should assume that their authentication credentials have been compromised if they are running an outdated version. MikroTik’s download page explains how to perform an upgrade to Router OS.”
How Does One Even Know?
The present scenario involves a software update that users say comes from Adobe Flash. If individuals have the application on their computers, it will seemingly be updated. This is what makes the infection so hard to spot, as the software does what it’s designed to do.
However, the software also includes code for crypto-jacking, and hackers can soon gain access to the computers and begin mining new bitcoins.
Threat intelligence analyst Brad Duncan explains:
“As early as August 2018, some samples impersonating Flash updates have borrowed pop-up notifications from the official Adobe installer. Because of the legitimate Flash update, a potential victim may not notice anything out of the ordinary.”
This Has Been Happening for a Long Time
Raj Samani, chief scientist at McAfee, states that the situation is nothing new, and hackers are consistently looking for new entry points:
“This is not unique to this update. We are seeing many websites get hijacked and very authoritative websites we visit regularly are unwittingly consuming visitor resources for the benefit of criminals.”
Back in February, cloud threat defense company RedLock announced that hackers had gotten access to Tesla’s cloud account with Amazon Web Services and were using it to mine crypto. CEO Varun Badhwar commented that the “arms race” had begun amongst hackers to see who could steal the most computing power in the shortest amount of time.
The Problem Is Growing
McAfee also published a report last June stating that crypto-jacking efforts increased by nearly 650 percent between the fourth quarter of 2017 and the first quarter of 2018. That’s a massive increase over just a few short months. The report reads:
“This suggests that cybercriminals are warming to the prospect of monetizing infections of user systems without prompting victims to make payments, as is the case with popular ransomware schemes.”
A study released in August by cybersecurity and defense company Trend Micro suggests that Adobe Systems has had more vulnerability advisories than any other home or office software vendor. In response to the alleged attacks, representatives of Adobe have already announced that they plan to stop distributing their “Flash Player” product by the end of 2020.