If you have ever been infected or have helped someone infected with adware, then you most likely have seen your browser being redirected to sites pretending to be Flash Player updates. Instead of a legitimate update, these sites normally push adware bundles that install further unwanted programs on an unsuspecting user. Today, I learned about a new fake Flash Player update site, but was surprised to find that it was installing a CPU miner instead onto visitors.
When a user visits this Flash Player update site, the site will automatically initiate a download to the computer. While the page above is obviously pushing a Flash Player update scam, when I tested it, the file that was downloaded was named java-player.exe instead.
Based on this VirusTotal scan, I expected it would installed adware or PUPs when executed on a computer. Instead, the executable installed a CPU miner called SystemProcess that quickly used up all the available processing power on the computer.
When installed, a new schedule task called SystemProcess is created that launches the miner executable when a user logs into the computer.
Thankfully, this particular miner is detected by a large amount of security products, so if you weren’t protected by an existing software, you can download and install Malwarebytes or Emsisoft and clean it up for free.
How to protect yourself from these types of scams
Unfortunately, people fall for scam sites like this all the time. The best advice I can give when you encounter a site telling you a program is out of date and offers a downloadable update is to immediately close the web page. You should only download and install updates from highly trusted sites, and even then, I would still suggest that you go directly to the software developer for updates.
Be careful and be safe. It is dangerous place on the Net if you are not careful.
To read the original article:
https://www.bleepingcomputer.com/news/security/fake-adobe-flash-update-sites-pushing-cpu-miners/