A fake update to widely used software has been taking over computers to surreptitiously mine cryptocurrency, according to a report from the cybersecurity firm Palo Alto Networks.
The malicious software claims to be an update for Adobe Flash, and it does update Flash, but it also includes code for cryptojacking, the term used for efforts to quietly gain access to computers and then harness their power to mine cryptocurrencies such as bitcoin.
Brad Duncan, a threat intelligence analyst for the company, announced the discovery on Thursday in a blog post.
“As early as August 2018, some samples impersonating Flash updates have borrowed pop-up notifications from the official Adobe installer,” Duncan wrote. “Because of the legitimate Flash update, a potential victim may not notice anything out of the ordinary.”
Blockchain technology is a system in which computers each contribute to a shared ledger, creating a transparent and secure system that is not controlled by any central authority or middleman. Cryptocurrencies are created through a process known as mining, in which computers work to verify transactions on a particular blockchain — bitcoin is one such example — in return for bits of cryptocurrency.
Raj Samani, chief scientist at the cybersecurity firm McAfee, said cryptojacking is quickly invading computing hardware through numerous access points.
“This is not unique to this update,” Samani said. “We are seeing many websites get hijacked and very authoritative websites we visit regularly are unwittingly consuming visitor resources for the benefit of criminals.”
RedLock, a cloud threat defense company, announced in February that hackers broke into Tesla’s cloud account with Amazon Web Services and used it to mine cryptocurrency. RedLock’s CEO Varun Badhwar said in March that an “arms race” has begun among hackers in an effort to steal computing power.
According to a “threats report” released in June by McAfee, cryptojacking malware increased by 629 percent in the first quarter of 2018 from the fourth quarter of 2017.
“This suggests that cybercriminals are warming to the prospect of monetizing infections of user systems without prompting victims to make payments, as is the case with popular ransomware schemes,” the report stated.
The fake Adobe Flash update is not as easily detectable as other software infections, since the malware actually updates the computer’s version of Adobe Flash. That working update lends the installer a false authenticity, leaving the victim less likely to realize that the software update is malicious.
Adobe Systems has had more vulnerability advisories than any other home and office software vendor, according to an analysis released in August by Trend Micro, a cybersecurity and defense company.
Adobe said it intends to stop distributing its “Flash Player” by the end of 2020.