Fake Facebook page serves Fake Flash player containing Miner

Nowadays, cybercriminals are more interested in Bitcoin and mining than in the victim's information. Here is another example of that interest.

A security researcher at MalwareBytes has come across a fake Facebook video page that displays the message "An update for Youtube flash player is needed" and downloads a fake Flash player file.

Once the user opens the fake Flash player, it drops a couple of executable files, namely "control.exe" and "svhost.exe".

Svchost.exe attempts to join a P2Pool - a decentralized Bitcoin mining pool that works by creating a peer-to-peer network of miner nodes. However, it failed to connect. The dropped miner is detected as PUP.BitCoinMiner.
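The dropped file names match or closely resemble Windows system binaries (svchost.exe and control.exe normally live in the Windows system directory), so a simple triage check over process image paths can flag them. The following is an added example, not code from the original article or from MalwareBytes; it covers both spellings the article gives ("svhost.exe" and "Svchost.exe"). The sample paths, the function names and the one-character look-alike threshold are assumptions made for illustration.

```python
import ntpath

# Directories where the genuine Windows binaries live (lower-cased).
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
# System binary names that the dropped files in the article imitate.
WATCHED = ("svchost.exe", "control.exe")


def edit_distance(a, b):
    """Levenshtein distance, used to catch one-letter look-alikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(image_path):
    """Return a finding string for a process image path, or None if clean."""
    directory, name = ntpath.split(image_path.lower())
    for real in WATCHED:
        if name == real:
            # Exact system name: only suspicious outside the system directories.
            if directory not in SYSTEM_DIRS:
                return f"{real} running outside system directory"
            return None
        if edit_distance(name, real) == 1:
            return f"look-alike of {real}"
    return None


# Constructed process-creation records (paths are illustrative only).
SAMPLE_EVENTS = [
    r"C:\Windows\System32\svchost.exe",
    r"C:\Users\alice\AppData\Local\Temp\svhost.exe",
    r"C:\Users\alice\AppData\Local\Temp\control.exe",
    r"C:\Users\alice\AppData\Local\Temp\Svchost.exe",
    r"C:\Program Files\Example\app.exe",
]


def scan(events):
    """Return (path, finding) pairs for every suspicious image path."""
    return [(p, f) for p in events if (f := classify(p))]


if __name__ == "__main__":
    for path, finding in scan(SAMPLE_EVENTS):
        print(f"{finding}: {path}")
```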

Users are always advised to download software from trusted sources, directly from the software provider.