A fake Adobe Flash update has been actively used in a campaign since this summer. It borrows code from the legitimate update and updates the victim's software, but it also includes code to download an XMRig cryptocurrency miner on Windows systems. The fake Flash updates use file names starting with AdobeFlashPlayer that are hosted on cloud-based web servers that don't belong to Adobe. The downloads always include the string flashplayer_down.php?clickid= in the URL.
Source: https://securityaffairs.co/wordpress/77089/malware/fake-adobe-flash-update.html
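The two network indicators described above can be checked against web proxy logs. The following is an added example, not code from the original report: the log format, the sample lines, the function names and the Adobe domain allowlist (adobe.com, macromedia.com) are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: domains treated as Adobe-owned; extend for your environment.
ADOBE_DOMAINS = ("adobe.com", "macromedia.com")

# Constructed proxy log lines: timestamp, client, method, URL, status.
SAMPLE_LOG = """\
2018-10-12T09:14:03Z 10.0.4.21 GET http://cdn.example.net/flashplayer_down.php?clickid=abc123 200
2018-10-12T09:14:05Z 10.0.4.21 GET http://files.example.org/dl/AdobeFlashPlayer_sample.exe 200
2018-10-12T09:20:41Z 10.0.7.8 GET https://get.adobe.com/flashplayer/AdobeFlashPlayerInstaller.exe 200
2018-10-12T09:31:10Z 10.0.7.9 GET http://adobe.com.example.net/AdobeFlashPlayer.exe 200
2018-10-12T09:40:00Z 10.0.2.2 GET https://www.example.com/index.html?clickid=1 200
"""

def is_adobe_host(host):
    """True only for an allowlisted domain or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in ADOBE_DOMAINS)

def classify(url):
    """Return the names of the write-up's indicators that this URL matches."""
    if "://" not in url:
        url = "http://" + url  # some logs omit the scheme
    parts = urlsplit(url)
    filename = parts.path.rsplit("/", 1)[-1].lower()
    hits = []
    # Indicator 1: flashplayer_down.php requested with a clickid parameter.
    query = parse_qs(parts.query, keep_blank_values=True)
    if filename == "flashplayer_down.php" and "clickid" in query:
        hits.append("download_url_pattern")
    # Indicator 2: AdobeFlashPlayer* file served from a host Adobe does not own.
    if filename.startswith("adobeflashplayer") and not is_adobe_host(parts.hostname):
        hits.append("installer_name_off_adobe")
    return hits

def scan(log_text):
    """Return a list of (client, url, indicators) for matching log lines."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # skip malformed lines
        client, url = fields[1], fields[3]
        hits = classify(url)
        if hits:
            findings.append((client, url, hits))
    return findings

if __name__ == "__main__":
    for client, url, hits in scan(SAMPLE_LOG):
        print(client, url, ",".join(hits))
```

The host check compares whole domain suffixes, so a lookalike such as adobe.com.example.net is still flagged while the real get.adobe.com download is not.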

