Cybercriminals Weaponizing Legitimate Advanced Installer Tool in Crypto-Mining Attacks
2023-09-09 06:25

Advanced Installer, a legitimate Windows tool used for creating software packages, has been abused by threat actors since at least November 2021 to drop cryptocurrency-mining malware on infected machines.

"The attacker uses Advanced Installer to package other legitimate software installers, such as Adobe Illustrator, Autodesk 3ds Max, and SketchUp Pro, with malicious scripts and uses Advanced Installer's Custom Actions feature to make the software installers execute the malicious scripts," Cisco Talos researcher Chetan Raghuprasad said in a technical report.

The software installers predominantly use the French language, a sign that French-speaking users are being singled out.

As for the initial access vector, it's suspected that search engine optimization poisoning techniques may have been employed to deliver the rigged software installers to the victims' machines.

The installer, once launched, activates a multi-stage attack chain that drops the M3 Mini Rat client stub and the miner binaries.

In yet another case of legitimate tool abuse, Check Point is warning of a new type of phishing attack that leverages Google Looker Studio to create bogus cryptocurrency phishing sites in an attempt to sidestep protections.


News URL

https://thehackernews.com/2023/09/cybercriminals-weaponizing-legitimate.html