{"id":22063,"date":"2023-09-07T21:06:31","date_gmt":"2023-09-07T21:06:31","guid":{"rendered":"https:\/\/nftandcrypto-news.com\/crypto\/windows-tool-targeted-by-hackers-deploys-crypto-mining-malware\/"},"modified":"2023-09-07T21:06:33","modified_gmt":"2023-09-07T21:06:33","slug":"windows-tool-targeted-by-hackers-deploys-crypto-mining-malware","status":"publish","type":"post","link":"https:\/\/nftandcrypto-news.com\/crypto\/windows-tool-targeted-by-hackers-deploys-crypto-mining-malware\/","title":{"rendered":"Windows tool targeted by hackers deploys crypto mining malware"},"content":{"rendered":"
Hackers have been using a Windows tool to drop cryptocurrency-mining malware since November 2021, according to an analysis from Cisco’s Talos Intelligence. The attacker abuses Windows Advanced Installer (an application that helps developers package other software installers, such as Adobe Illustrator) to execute malicious scripts on infected machines.
According to a Sept. 7 blog post, the software installers affected by the attack are mainly used for 3D modeling and graphic design. Additionally, most of the software installers used in the malware campaign are written in French. The findings suggest that the “victims are likely across business verticals, including architecture, engineering, construction, manufacturing, and entertainment in French language-dominant countries,” the analysis explains.
The attacks predominantly affect users in France and Switzerland, with a few infections in other countries, including the United States, Canada, Algeria, Sweden, Germany, Tunisia, Madagascar, Singapore and Vietnam, the post notes, based on DNS request data sent to the attacker’s command and control (C2) host.
The illicit crypto mining campaign identified by Talos involves the deployment of malicious PowerShell and Windows batch scripts to execute commands and establish a backdoor on the victim’s machine. PowerShell in particular is well known for running scripts in memory rather than writing them to disk, which makes the attack harder to detect.