While fake Flash updates that push malware have traditionally been easy to spot and avoid, a new campaign has employed new tricks that stealthily download cryptocurrency miners on Windows systems.
To the average user, the newly discovered samples, which have been active as early as August, seem legitimate. The samples act as Flash updates, borrowing pop-up notifications from the official Adobe installer, and even actually updating a victim’s Flash Player to the latest version. Unbeknownst to the victims, while the legitimate Flash update has occurred, a tricky XMRig cryptocurrency miner is quietly downloaded and runs in the background of the infected Windows computers.
Read more about the stealthy new cryptojacking campaign on Threatpost.