A new cryptominer campaign has been detected that distributes a fake Adobe Flash Player update. It is not the first time we have seen malware posing as an update for a legitimate program, but this one goes a step further: it actually updates Flash Player to its latest version, so nothing looks suspicious to the user.
Brad Duncan, a security researcher at Palo Alto Networks, was the one who detected the malware campaign. What he found was that, during the "Flash Player update", the fake installer installed a hidden Monero miner while also updating Flash Player from Adobe's official site.
Updating the real program plays an important role, since it raises less suspicion with the user. Duncan reported that visually and operationally the fake installer was almost identical to Adobe's original.
What the user did not know was that, while trying to update their software, their system was being infected. Once the miner was running, processor usage rose to 100% as Monero mining began.
The way Brad Duncan determined that it was not the real Adobe update was the URL, which contained 'flashplayer_down.php?clickid=', something that would not be the case if the installer came from Adobe's website. Several of these files were hosted on Amazon's AWS cloud, so the researcher was unable to determine which site the campaign was being run from.
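As an added defensive illustration (this is not code from the original report or from Palo Alto Networks), the following Python script scans proxy-log lines for the two signs the article describes: the `flashplayer_down.php?clickid=` URL artefact, and a download that calls itself a Flash Player installer but is served from a host other than Adobe's. The log format, the trusted-host list and the sample lines are all constructed assumptions for this example.

```python
"""Flag proxy-log entries that look like the fake Flash Player updater described above.
Added example: the log format, trusted hosts and sample lines are constructed, not from the report."""
import re
from urllib.parse import urlsplit, parse_qs

# Domains that legitimately serve Flash Player installers (assumption for this example).
TRUSTED_HOSTS = ("adobe.com", "macromedia.com")

# Constructed sample proxy log: "<timestamp> <client> <method> <url> <status> <content-type>"
SAMPLE_LOG = """\
2018-10-11T14:02:17Z 10.0.0.12 GET https://fpdownload.adobe.com/get/flashplayer/pdc/31.0.0.108/install_flash_player.exe 200 application/octet-stream
2018-10-11T14:05:41Z 10.0.0.12 GET http://EXAMPLE-HOST.invalid/flashplayer_down.php?clickid=abc123 200 application/octet-stream
2018-10-11T14:05:59Z 10.0.0.12 GET http://files.example.net/flashplayer/flashplayer31_install.exe 200 application/octet-stream
2018-10-11T14:06:10Z 10.0.0.12 GET https://www.example.org/index.html 200 text/html
"""


def is_trusted_host(host):
    """True if host is one of the trusted domains or a subdomain of one (exact suffix match)."""
    host = host.lower()
    return any(host == t or host.endswith("." + t) for t in TRUSTED_HOSTS)


def classify(url, content_type):
    """Return the reasons this request resembles the fake updater, or [] if it looks clean."""
    parts = urlsplit(url)
    path = parts.path.lower()
    query_keys = {k.lower() for k in parse_qs(parts.query)}
    reasons = []
    # 1. The artefact from the report: flashplayer_down.php with a clickid parameter.
    if path.endswith("flashplayer_down.php") and "clickid" in query_keys:
        reasons.append("flashplayer_down.php with clickid parameter")
    # 2. A binary that names itself a Flash Player installer but is not served by Adobe.
    looks_like_flash = re.search(r"flash_?player", path) is not None
    is_binary = content_type.startswith("application/octet-stream") or path.endswith(".exe")
    if looks_like_flash and is_binary and not is_trusted_host(parts.hostname or ""):
        reasons.append("Flash installer download from untrusted host %s" % parts.hostname)
    return reasons


def scan_log(text):
    """Parse the constructed log format and return (timestamp, client, url, reasons) for each hit."""
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6:
            continue  # skip malformed lines rather than crash the scan
        ts, client, _method, url, _status, ctype = fields[:6]
        reasons = classify(url, ctype)
        if reasons:
            hits.append((ts, client, url, reasons))
    return hits


if __name__ == "__main__":
    for ts, client, url, reasons in scan_log(SAMPLE_LOG):
        print(ts, client, url, "; ".join(reasons))
```

The host check deliberately uses a suffix match on the registered domain rather than a substring match, so a lookalike such as `adobe.com.evil.example` is not treated as trusted. In a real deployment the second rule would be tuned against whatever hosts your organisation actually downloads installers from.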
Finally, the lesson is never to download updates from third-party sites. If a site you visit suggests updating Flash Player, just don't. You will probably not get what you are looking for.