"Weaponized Windows Installers Target Graphic Designers in Crypto Heist"

A cryptocurrency-mining campaign targeting 3D modelers and graphic designers with malicious versions of a legitimate Windows installer tool has been ongoing since at least November 2021. According to a report by Cisco Talos Threat Researcher Chetan Raghuprasad, the campaign uses Advanced Installer, a tool for creating software packages, to hide malware in legitimate installers for software used by creative professionals, such as Adobe Illustrator, Autodesk 3ds Max, and SketchUp Pro. Through the Custom Action feature of the installer, attackers execute malicious scripts and drop multiple payloads, including the M3_Mini_Rat client stub backdoor, Ethereum cryptomining malware PhoenixMiner, and multi-coin mining threat lolMiner. This article continues to discuss attackers targeting 3D modelers and graphic designers with malicious versions of a legitimate Windows installer tool.

Dark Reading reports "Weaponized Windows Installers Target Graphic Designers in Crypto Heist"