Windows cryptomining attacks target graphic designer's high-powered GPUs

Cybercriminals are leveraging a legitimate Windows tool called 'Advanced Installer' to infect the computers of graphic designers with cryptocurrency miners.
The attackers promote installers for popular 3D modeling and graphic design software such as Adobe Illustrator, Autodesk 3ds Max, and SketchUp Pro, likely through black hat search engine optimization techniques.
These installers include hidden malicious scripts that infect the computers of users who download them with remote access trojans and cryptomining payloads.
Cisco's analysts have observed two distinct attacks used in this campaign.
The two attack methods differ in the scripts executed, the complexity of the infection chain, and the final payloads dropped on the target device.
The first method, which delivers a backdoor payload, could be chosen by the attackers in cases where maintaining discreet, prolonged access to target systems is the primary goal.