
Hackers deploy crypto-mining malware to target Windows tool.

Cisco’s Talos Intelligence reveals hackers exploiting Windows tool for crypto-mining malware since November 2021.

The attackers abuse Advanced Installer, a Windows tool that helps developers package software installers (for products such as Adobe Illustrator), to execute malicious scripts on compromised devices.

In a blog post on September 7, Talos highlights that the targeted software installers primarily pertain to 3D modeling and graphic design and are predominantly written in French.

The analysis indicates that victims are likely from various industries such as architecture, engineering, construction, manufacturing, and entertainment in French-language-dominant countries.

The majority of attacks have affected users in France and Switzerland, with some infections reported in other countries including the United States, Canada, Algeria, Sweden, Germany, Tunisia, Madagascar, Singapore, and Vietnam.

The analysis is based on DNS request data sent to the attacker’s command and control host.

Talos identifies the illicit crypto mining campaign as involving the deployment of malicious PowerShell and Windows batch scripts to establish a backdoor and execute commands on the victim’s machine.

Because PowerShell can run its scripts in the system's memory rather than writing them to the hard drive, the activity is harder to detect.

Recent Attack Highlights Rising Cryptojacking Threat and Expanding Malware Tactics

Cryptojacking, the unauthorized installation of crypto-mining code on devices to mine cryptocurrency illicitly, has been observed in a recent attack.

“These malicious scripts are executed using Advanced Installer’s Custom Action feature, which allows users to predefine custom installation tasks. The final payloads are PhoenixMiner and lolMiner, publicly available miners relying on computers’ GPU capabilities.”

The attacker, after establishing a backdoor, proceeds to execute additional threats such as the Ethereum crypto-mining program PhoenixMiner and the multicoin mining threat lolMiner.

Cryptojacking exploits devices to mine cryptocurrency without the user's knowledge or consent. Signs of mining malware include device overheating and decreased performance.

This incident is part of a broader trend where malware families are utilized to hijack devices for cryptocurrency mining or theft.

BlackBerry, a former smartphone giant, recently uncovered malware scripts actively targeting various sectors, including financial services, healthcare, and government.

These developments underscore the ongoing need for robust cybersecurity measures to protect against cryptojacking and other forms of malicious activities in the digital landscape.
