Hackers Exploit Windows Tool to Deploy Crypto-Mining Malware

Author
Fredrik Vold

Hackers have targeted a popular Windows-based software packaging tool to infect computers with crypto mining malware, IT security firm Cisco Talos Intelligence Group has revealed.

The attack is delivered through a Windows tool known as Advanced Installer, which the attackers have used to package malicious code together with software installers for popular tools like Adobe Illustrator, Autodesk 3ds Max and SketchUp Pro.

The software tools affected are used specifically for 3-D modeling and graphic design, and mainly use the French language, the firm said.

Infected software installers. Source: Cisco Talos Intelligence Group

Cisco Talos’ report explained that once infected, the computers, which are often used by graphic designers and therefore have powerful Graphics Processing Units (GPUs), are then used to mine crypto on behalf of the attacker.

“The campaign likely affects business verticals such as architecture, engineering, construction, manufacturing and entertainment, as the attackers use software installers specifically created for 3-D modeling and graphic design,” the report said.

It added that these industries are attractive targets for the hackers because powerful GPUs are highly useful for mining various cryptocurrencies.

Once infected, the computers start running the M3_Mini_Rat tool, which allows attackers to download and run the Ethereum malware miner PhoenixMiner and the multi-coin mining malware lolMiner.

Among the most popular proof-of-work (PoW) cryptocurrencies that can be mined with GPUs today are the Ethereum fork Ethereum Classic (ETC) and the privacy-focused coin Monero (XMR).

Bitcoin (BTC) is generally mined on more specialized mining machines known as ASICs.

The firm said the activity has been ongoing since “at least November 2021,” and victims are spread out around the world but with a concentration in France and other French-speaking regions.

Source: Cisco Talos Intelligence Group
