Researchers at Cisco Talos have uncovered a campaign targeting graphic designers and 3D modelers. The attackers distribute cryptocurrency-mining malware to hijack the powerful Graphics Processing Units (GPUs) that rendering and modeling work requires.
The campaign, active since at least November 2021, uses the legitimate Windows packaging tool "Advanced Installer" to bundle the malware with trojanized copies of popular software such as Adobe Illustrator and Autodesk 3ds Max. By abusing Advanced Installer's "Custom Actions" feature, which lets a package run scripts during installation, the attackers execute their own scripts in the installation process and so deploy the bundled payloads alongside the expected application.
The payloads include the M3_Mini_Rat client stub, which gives the attackers a backdoor on the machine, and the cryptocurrency miners PhoenixMiner and lolMiner. These run in the background and, on workstations whose GPUs are already kept busy by rendering work, can go unnoticed by users for extended periods.
The campaign has primarily targeted French-speaking users in countries such as France and Switzerland, though isolated infections have been reported elsewhere, including the United States, Canada, and Germany. Graphic designers and 3D modelers are urged to obtain installers only from the vendor's official channels and to treat software from any other source with suspicion.
Shawn Surber, senior director of technical account management at Tanium, emphasized the importance of collaboration between operations and security teams to detect and mitigate such threats. He explained that traditional security tools may not be able to detect these types of attacks, making it essential for operational tools to be tuned to observe and alert on anomalous behavior.
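The abuse of installer custom actions described above and the call for behavioural monitoring in the paragraph just before this one can be turned into a small triage check. The following is an added example, not code from the Talos report or from Tanium: it runs over a handful of constructed Sysmon-style process-creation events and flags the two behaviours the article describes, a script interpreter started by an installer process and a miner binary or mining-pool command line. The miner names are the ones the report cites; the installer process names, script-host list and pool-argument pattern are heuristic assumptions, and a legitimate installer can also spawn a script, so the installer-spawned-script finding is a hunt signal to triage, not a verdict on its own.

```python
import re
from dataclasses import dataclass

# Miner binaries named in the Talos report.
KNOWN_MINERS = ("phoenixminer", "lolminer")
# Assumed indicators: processes that host MSI/EXE installers and the
# interpreters a custom action would typically invoke. Not from the report.
INSTALLER_HOSTS = ("msiexec.exe",)
INSTALLER_HINTS = ("setup", "install")
SCRIPT_HOSTS = ("cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe")
# Generic miner command-line heuristic: stratum pool URL or a --pool/-pool flag.
POOL_PATTERN = re.compile(r"stratum\+(tcp|ssl)://|(^|\s)--?pool\b", re.I)


@dataclass
class ProcessEvent:
    """Minimal subset of a Sysmon Event ID 1 (process creation) record."""
    image: str
    parent_image: str
    command_line: str
    user: str


def basename(path: str) -> str:
    """Lower-cased file name from a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def classify(ev: ProcessEvent) -> list:
    """Return the list of finding tags that apply to one event (empty if benign)."""
    findings = []
    img = basename(ev.image)
    parent = basename(ev.parent_image)
    if any(m in img for m in KNOWN_MINERS):
        findings.append("known-miner-binary")
    if POOL_PATTERN.search(ev.command_line):
        findings.append("mining-pool-arguments")
    parent_is_installer = parent in INSTALLER_HOSTS or any(h in parent for h in INSTALLER_HINTS)
    if img in SCRIPT_HOSTS and parent_is_installer:
        findings.append("installer-spawned-script")
    return findings


def scan(events) -> list:
    """Return (image name, findings) for every event that triggered at least one rule."""
    results = []
    for ev in events:
        tags = classify(ev)
        if tags:
            results.append((basename(ev.image), tags))
    return results


# Constructed sample events (not real telemetry). Paths and pool host are invented.
SAMPLE_EVENTS = [
    ProcessEvent(
        image=r"C:\Windows\System32\cmd.exe",
        parent_image=r"C:\Windows\System32\msiexec.exe",
        command_line=r'cmd.exe /c "C:\Users\designer\AppData\Local\Temp\run.bat"',
        user="WORKSTATION\\designer",
    ),
    ProcessEvent(
        image=r"C:\ProgramData\Cache\PhoenixMiner.exe",
        parent_image=r"C:\ProgramData\Cache\svc.exe",
        command_line="PhoenixMiner.exe -pool stratum+tcp://pool.example.invalid:4444 -wal 0xabc",
        user="WORKSTATION\\designer",
    ),
    ProcessEvent(
        image=r"C:\Program Files\Adobe\Adobe Illustrator\Support Files\Contents\Windows\Illustrator.exe",
        parent_image=r"C:\Windows\explorer.exe",
        command_line="Illustrator.exe",
        user="WORKSTATION\\designer",
    ),
    ProcessEvent(
        image=r"C:\Windows\System32\cmd.exe",
        parent_image=r"C:\Windows\explorer.exe",
        command_line="cmd.exe",
        user="WORKSTATION\\designer",
    ),
]

if __name__ == "__main__":
    for image, tags in scan(SAMPLE_EVENTS):
        print(f"{image}: {', '.join(tags)}")
```

Run against real Sysmon or EDR process-creation telemetry, the two findings that matter most are the ones that co-occur on a single host: a script launched under an installer shortly before a new, unsigned binary starts talking to a mining pool. Correlating on host and a short time window, rather than alerting on each rule alone, keeps the installer rule's false positives manageable.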
In conclusion, this campaign highlights the ongoing threat posed by cryptocurrency-mining malware and the importance of staying vigilant against such attacks. By remaining cautious and implementing robust security measures, graphic designers and 3D modelers can protect themselves and their organizations from falling prey to cyber-criminals.