Hackers Exploit Windows Tool to Deploy Crypto-Mining Malware

Hackers have targeted a popular Windows-based software packaging tool to infect computers with crypto mining malware, IT security firm Cisco Talos Intelligence Group has revealed.

The mining attack on computers happens through a Windows tool known as Advanced Installer, and the attackers have used the tool to package malicious code together with software installers from popular tools like Adobe Illustrator, Autodesk 3ds Max and SketchUp Pro.

The software tools affected are used specifically for 3-D modeling and graphic design, and mainly use the French language, the firm said.

Cisco Talos’ report explained that once infected, the computers, which are often used by graphic designers and therefore have powerful Graphics Processing Units (GPU), are then used to mine crypto on behalf of the attacker.

“The campaign likely affects business verticals such as architecture, engineering, construction, manufacturing and entertainment, as the attackers use software installers specifically created for 3-D modeling and graphic design,” the report said.

It added that these industries are attractive targets for the hackers because powerful GPUs are highly useful for mining various cryptocurrencies.

Once infected, the computers start running the M3_Mini_Rat tool, which allows attackers to download and run the Ethereum malware miner PhoenixMiner and the multi-coin mining malware lolMiner.

Among the most popular proof-of-work (PoW) cryptocurrencies that can be mined with GPUs today is the Ethereum fork Ethereum Classic (ETC) and the privacy-focused coin Monero (XMR).

Bitcoin (BTC) is generally mined on more specialized mining machines known as ASICs.

The firm said the activity has been ongoing since “at least November 2021,” and victims are spread out around the world but with a concentration in France and other French-speaking regions.