Cryptominers Hide Malware in Flash Updates

spdragoo

Splendid
Ambassador
Which is also one of the reasons why, when the notification pops up after logging onto my PC, instead of clicking that link I go directly to Adobe's site to check for a Flash update.
 

shrapnel_indie

Distinguished
Jan 21, 2010
2,152
10
20,465
277
Pretty much everyone has to install Flash, and unless they get one of those notifications, they probably don't think about updating it. That makes it the perfect target for campaigns like this.
Not so much anymore. Most modern browsers have dropped support for the add-on/plug-in model that Flash uses... So unless you've refused to update your browser.... I do suppose that IE can still be a huge culprit... and by extension Edge... or the myriad of small-time browsers out there that aren't paying as close attention to net/web security as they should... chances are you haven't been experiencing Flash in action.


As to the notifications, it isn't hard to place ads into ad streams that mimic the update notifications either so you install their "alternative," (which can contain the questionable additions) or in some cases, just outright hit you with malware without any Flash update or "replacement."
 

stdragon

Commendable
Apr 5, 2018
1,551
4
1,660
196
Flash is dead. Those that continue to use it just aren't aware, and continue to use this vector for malware at their own peril!

Yes, Flash is EVIL!!
 

ASK THE COMMUNITY