Skip to main content

Cybercriminals have manipulated a widely-used Windows software distribution tool to proliferate crypto mining malware, as disclosed by the cybersecurity entity, Cisco Talos Intelligence Group.

The malevolent assault on systems is facilitated through a Windows utility dubbed the Advanced Installer. Perpetrators have exploited this utility to amalgamate harmful codes with software setup packages from renowned platforms such as Adobe Illustrator, Autodesk 3ds Max, and SketchUp Pro.

Primarily, the impacted software tools are engineered for 3-D modeling and graphic designing tasks, predominantly catering to French-speaking users, according to the intelligence group.

The analysis by Cisco Talos illustrates that the subsequent infection coerces computers, typically harnessed by graphic designers equipped with potent Graphics Processing Units (GPUs), to mine cryptocurrencies for the assailants’ benefit.

The investigation elucidated that the ongoing scheme potentially jeopardizes sectors including architecture, engineering, manufacturing, construction, and entertainment. These sectors are being targeted due to the specific software installers used, which are heavily aligned with 3-D modeling and graphic design tasks. The analysis underscored that these sectors are lucrative prey for cybercriminals, given the heightened efficacy of robust GPUs in mining assorted digital currencies.

Following the breach, the infected systems activate the M3_Mini_Rat utility, facilitating the culprits to introduce and execute Ethereum-centric malware miner PhoenixMiner alongside the multi-currency mining malware, lolMiner.

The cryptocurrencies predominantly mined through this strategy include the Ethereum variant, Ethereum Classic (ETC), and the security-centric digital currency, Monero (XMR), leveraging the powerful GPUs. In contrast, Bitcoin (BTC) mining is typically conducted on dedicated, specialized mining apparatus known as ASICs.

Cisco Talos noted that this malevolent activity traces back to “at least November 2021,” with victims predominantly clustered in France and other French-speaking territories, albeit having a global presence.

AUTHOR: