With increasing dependence on digital tools, the advent of crypto-mining malware has evolved as a significant concern. This security issue has been underlined in stark relief as hackers have targeted a popular Windows utility tool to deploy their malicious codes.
Going into specific details, Windows’ Application Packaging Utility, colloquially named as Advanced Installer, has been the recent target. The Advanced Installer aids developers in packaging software installers, like Adobe Illustrator. The hacker stratagem involves exploiting this utility to execute harmful scripts on infected machines.
Software installers particularly pertaining to 3D modeling and graphic design fields have been primarily afflicted by this malware. Intriguingly, a considerable number of these affected software installers have been written in French. Moreover, the victims predominantly belong to various business fields, primarily in French-speaking regions. These domains encase architecture, engineering, construction, manufacturing, and entertainment within their ambit.
However, the geographical impact is far-reaching extending beyond france and Switzerland to other nations including the United States, Canada, Algeria, Sweden, Germany, Tunisia, Madagascar, Singapore, and Vietnam, as per DNS request data.
This illicit campaign, as identified by Cisco’s Talos Intelligence, deploys malicious PowerShell and Windows batch scripts, establishing a backdoor in the victim’s system. Execution of these commands is possible via Advanced Installer’s Custom Action feature, which allows users to predesign custom installation tasks with the public miners like PhoenixMiner and lolMiner taking the brunt of the payload.
The terminology ‘cryptojacking’ is used to denote this practice of installing crypto mining code on devices without the user’s consent for illegal mining. Overheating and poorly performing devices are often the telltale signs of a cryptojacking attack underway.
The misuse of malware families to commandeer devices for crypto mining or theft isn’t a novel practice. BlackBerry, once the reigning champ in smartphones, recently identified malware scripts targeting at least three sectors – financial services, healthcare, and government.
While these cyber-crimes underscore the fragility of our digital infrastructures, measures for security need to enhance at a comparable pace to confront these evolving threats. Until then, this impasse serves as a stern reminder of the dual-edged nature of technological advancements.
Source: Cointelegraph