This alert may not be shared outside your organization, Do Not Repost or send, place on other websites, List servers, or send to others via email, including other associations or parties. Members and Law enforcement use only. Contact us for any permissions. To do otherwise will result in the loss of membership.
Complete Story
10/15/2018
Fake Adobe update really *does* update Flash (while also installing cryptominer)
The State of Security
Online criminals have frequently distributed their malware attacks as fake updates for Adobe Flash.
Security-savvy computer users haven’t found such attacks difficult to spot and know to only get updates to Adobe Flash Player from the company’s own website.
A new wave of attacks, however, has added a twist to the traditional malware attack disguised as an update to Adobe Flash Player by actually updating Adobe Flash… for real!
Have malicious hackers had a surprising change of heart? Have online criminals replaced avarice with altruism?
Sadly not, because although a fake Adobe update is really updating Adobe Flash, it is also sneakily installing cryptomining code onto the Windows computers of its unsuspecting victims.
Security researchers at Palo Alto Networks published details of how XMRig cryptomining code has been installed under the cover of fake Adobe Flash updates. Fake Flash updates that borrow genuine pop-up notifications from the official Adobe installer do indeed update their victim’s Flash Player installation.
Alerts
The FRPA alert system distinguishes us from other groups by gathering and providing information to law enforcement, retailers AND financial institutions.
more information
Resources
Your electronic library to help in fighting financial fraud for all of our partners.
more information