A cryptocurrency-mining campaign has been targeting graphic designers and 3D modelers, with attackers based in France, Luxembourg [3], and Germany [1] [3]. They are using a malicious version of the legitimate Windows installer tool, Advanced Installer [1] [2] [3], to distribute malware. This campaign specifically focuses on industries such as architecture [2], engineering [2], construction [2], manufacturing [2], and entertainment [2], which heavily rely on 3D modeling and graphic design [3].

Description

The attackers are hiding malware inside software installers for popular creative tools such as Adobe Illustrator and Autodesk 3ds Max [1]. They abuse a legitimate installer feature called Custom Action to execute malicious scripts and drop payloads during installation [1], including a backdoor [1], cryptomining malware [1] [3], and a multi-coin mining threat [1]. The majority of the campaign's victims are located in France and Switzerland [1], but there have also been victims in other countries such as the US [1], Canada [1], and Germany [1] [3]. The attackers primarily target French-speaking users [3], and most of the software installers used in this campaign are written in French [3].
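A Custom Action runs its script or dropped binary under the Windows Installer engine, so one place a defender can look for this technique is process-creation telemetry where msiexec.exe is the parent. The hunt below is an added example, not code from the page or from any of the cited reports; it assumes Sysmon-style events with ParentImage, Image and CommandLine fields and that Custom Actions execute as children of msiexec.exe, and every record in SAMPLE_EVENTS is constructed for the demonstration.

```python
"""Hunt process-creation telemetry for payloads launched by a Windows Installer
Custom Action.  Added example; assumptions: Custom Actions execute under
msiexec.exe, and events carry Sysmon-style ParentImage / Image / CommandLine
fields.  All sample records are constructed."""
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# The installer engine whose children we inspect (assumption: msiexec.exe).
INSTALLER_ENGINES = {"msiexec.exe"}

# Interpreters a packaging installer should rarely need to spawn.
SCRIPT_INTERPRETERS = {
    "powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe",
    "mshta.exe", "rundll32.exe", "regsvr32.exe",
}

# Command-line fragments that suggest a hidden or encoded script launch;
# each one only adds to the score, none decides alone.
SUSPICIOUS_ARGS = ("-enc", "-encodedcommand", "-w hidden", "-windowstyle hidden",
                   "bypass", "-nop", "downloadstring")

# Directories where a dropped payload would typically be written before launch.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\public\\")


@dataclass
class Finding:
    parent: str
    child: str
    score: int
    reasons: list = field(default_factory=list)


def _basename(path: str) -> str:
    return PureWindowsPath(path).name.lower()


def score_event(event: dict):
    """Return a Finding for a suspicious child of the installer engine, else None."""
    parent = _basename(event.get("ParentImage", ""))
    if parent not in INSTALLER_ENGINES:
        return None  # not a Custom Action context, ignore
    image = event.get("Image", "")
    child = _basename(image)
    cmd = event.get("CommandLine", "").lower()
    score, reasons = 0, []

    if child in SCRIPT_INTERPRETERS:
        score += 50
        reasons.append(f"{child} spawned by installer engine")

    hits = [frag for frag in SUSPICIOUS_ARGS if frag in cmd]
    if hits:
        score += 20 * len(hits)
        reasons.append("suspicious arguments: " + ", ".join(hits))

    if any(marker in image.lower() for marker in USER_WRITABLE):
        score += 30
        reasons.append("child image lives under a user-writable directory")

    return Finding(parent, child, score, reasons) if score else None


def hunt(events, threshold: int = 30):
    """Score every event and keep those at or above the review threshold."""
    findings = (score_event(e) for e in events)
    return [f for f in findings if f is not None and f.score >= threshold]


# Constructed sample telemetry: one benign engine child, one hidden encoded
# PowerShell launch, one unrelated user action, one dropped binary from Temp.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\msiexec.exe",
     "ParentImage": r"C:\Windows\System32\msiexec.exe",
     "CommandLine": r"C:\Windows\System32\msiexec.exe /V"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\System32\msiexec.exe",
     "CommandLine": r"powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoA"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r"powershell.exe"},
    {"Image": r"C:\Users\user\AppData\Local\Temp\setup_helper.exe",
     "ParentImage": r"C:\Windows\System32\msiexec.exe",
     "CommandLine": r"C:\Users\user\AppData\Local\Temp\setup_helper.exe"},
]

if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f"[{f.score:>3}] {f.parent} -> {f.child}: {'; '.join(f.reasons)}")
```

The scoring is deliberately additive: a legitimate installer may occasionally run a script interpreter, so the interpreter alone lands just above the review threshold, while hidden or encoded arguments and a launch from a user-writable directory push the event toward the top of an analyst's queue.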

Conclusion

This cryptocurrency-mining campaign has significant implications for industries that heavily rely on 3D modeling and graphic design. The attackers are specifically targeting professionals in these fields, taking advantage of their high-performance computers with powerful graphics cards for cryptocurrency mining [1]. To mitigate the risks, organizations should ensure they have robust security measures in place, including regularly updating software and educating employees about the potential dangers of downloading software from untrusted sources. Additionally, software developers should be vigilant in detecting and removing malicious versions of their installers. As the use of cryptocurrencies continues to grow, it is likely that we will see more sophisticated attacks targeting industries that can provide the computing power needed for mining.

References

[1] https://www.darkreading.com/attacks-breaches/weaponized-windows-installers-target-graphic-designers-in-crypto-heist
[2] https://techkranti.com/07-sep-23-in-security-news-today/
[3] https://www.scmagazine.com/news/attackers-leverage-windows-advanced-installer-to-drop-cryptocurrency-malware-on-heavy-3d-graphics-users