According to an analysis by Cisco’s Talos Intelligence, hackers have been using a Windows tool to drop cryptocurrency-mining malware since November 2021. The attacker is believed to have abused Windows Advanced Installer, an application that helps developers package software installers (for programs such as Adobe Illustrator), in order to execute malicious scripts on infected machines.
According to a blog post published on September 7, 2023, the software installers affected by the attack are believed to be used for 3D modeling and graphic design. Most of the software installers used in the malware campaign are also believed to be written in French, Cointelegraph added.
The report notes that the “victims are likely across business verticals, including architecture, engineering, construction, manufacturing, and entertainment in French language-dominant countries.”
“These malicious scripts are executed using Advanced Installer’s Custom Action feature, which allows users to predefine custom installation tasks. The final payloads are PhoenixMiner and lolMiner, publicly available miners relying on computers’ GPU capabilities,” Cointelegraph concluded.
(With insights from Cointelegraph)

