A recent discovery by the IT security firm Cisco Talos Intelligence Group has uncovered a novel method hackers are using to launch crypto-mining attacks on computers. The modus operandi? Hackers abuse a popular Windows packaging tool, Advanced Installer, to bundle malicious crypto-mining code alongside the software installers of common graphic design tools.
Software tools such as Adobe Illustrator, Autodesk 3ds Max and SketchUp Pro, which are widely used by graphic designers and 3-D modellers, appear to be the main vehicles for these trojanized installers. A particularly intriguing detail is that most of the affected software packages are French-language versions.
When these infected installers are run, the resulting damage is twofold. On one hand, the computers are implanted with the M3_Mini_Rat tool, which lets the attackers download and run cryptocurrency miners such as PhoenixMiner (targeted at Ethereum) and lolMiner (a multi-coin miner). On the other hand, the powerful Graphics Processing Units (GPUs) in these computers are harnessed to mine cryptocurrency on the hackers' behalf.
It’s not hard to see why hackers are turning a covetous eye to industries like architecture, engineering, construction, manufacturing, and entertainment which leverage these design tools. The robust GPUs in these systems can be crucial assets in mining popular proof-of-work (PoW) cryptocurrencies like Ethereum Classic (ETC) and the privacy-centric Monero (XMR).
However, while Bitcoin (BTC) may be among the most in-demand cryptocurrencies, it is safe from this particular attack vector because mining it depends on purpose-built ASIC hardware rather than GPUs.
This campaign has been active since at least November 2021, with victims dispersed globally but concentrated in France and other French-speaking regions. The technical traces left behind in these operations paint a stark picture of where technological evolution and cybersecurity threats intersect.
Source: Cryptonews