Cryptominers Hide Malware in Flash Updates


Deleted member 2449095

I uninstalled Flash a long time ago. I didn't notice any difference browsing the web.
Pretty much everyone has to install Flash, and unless they get one of those notifications, they probably don't think about updating it. That makes it the perfect target for campaigns like this.

Not so much anymore. Most modern browsers have dropped support for the add-on/plug-in model that Flash uses... So unless you've refused to update your browser.... I do suppose that IE can still be a huge culprit... and by extension Edge... or the myriad of small-time browsers out there that aren't paying as close attention to net/web security as they should... chances are you haven't been experiencing Flash in action.

As to the notifications, it isn't hard to place ads into ad streams that mimic the update notifications either so you install their "alternative," (which can contain the questionable additions) or in some cases, just outright hit you with malware without any Flash update or "replacement."