Cryptominers Hide Malware in Flash Updates

[Guest]

Palo Alto Networks revealed that savvy hackers are using seemingly legitimate Flash updates to install cryptocurrency mining software on victims' systems.

Cryptominers Hide Malware in Flash Updates : Read more

 

[rantoc]

Something Adobe not secure? Reeeeally *act shocked*

 

[spdragoo]

Which is also one of the reasons why, when the notification pops up after logging onto my PC, instead of clicking that link I go directly to Adobe's site to check for a Flash update.

 

[stdragon]

Friends don't let friends use Flash. HTML5 or bust!

 

[Deleted member 2449095]

I uninstalled Flash a long time ago. I didn't notice any difference browsing the web.

 

[shrapnel_indie]

Pretty much everyone has to install Flash, and unless they get one of those notifications, they probably don't think about updating it. That makes it the perfect target for campaigns like this.

Not so much anymore. Most modern browsers have dropped support for the add-on/plug-in model that Flash uses... So unless you've refused to update your browser.... I do suppose that IE can still be a huge culprit... and by extension Edge... or the myriad of small-time browsers out there that aren't paying as close attention to net/web security as they should... chances are you haven't been experiencing Flash in action.


As to the notifications, it isn't hard to place ads into ad streams that mimic the update notifications either so you install their "alternative," (which can contain the questionable additions) or in some cases, just outright hit you with malware without any Flash update or "replacement."

 

[stdragon]

Flash is dead. Those that continue to use it just aren't aware, and continue to use this vector for malware at their own peril!

Yes, Flash is EVIL!!