逸耘居

Technology

Cybercriminals use the Advanced Installer packaging tool to infect graphic designers' computers with cryptocurrency miners

By Vicky Stavropoulou

September 7, 2023

Cybercriminals have found a new way to target graphic designers, infecting their computers with cryptocurrency miners. The attackers are using a legitimate, commercially available Windows software-packaging tool, Advanced Installer, to build installers that masquerade as popular 3D modeling and graphic design software but carry malicious scripts.

The campaign, discovered by Cisco Talos, has been active since at least November 2021. The attackers are likely using black-hat search engine optimization to push the trojanized installers into search results for the legitimate software. When users download and run them, they unknowingly install remote access trojans (RATs) and cryptomining payloads.

Graphic designers, animators, and video editors are the primary targets of this campaign. These professionals typically work on machines with powerful GPUs, which deliver higher mining hash rates and therefore more profit per infected host for the attackers.

Cisco's analysts have identified two distinct attack methods in this campaign. Both use Advanced Installer to build installer files bundled with malicious PowerShell and batch scripts, which run when the installer is launched. In the first method, the installer sets up a recurring scheduled task that runs a PowerShell script to decrypt and run the final payload (the M3_Mini_Rat described below). In the second method, the installer drops two malicious scripts that create scheduled tasks to run further PowerShell scripts. In both cases the scripts execute with the privileges of the user who ran the installer, and the scheduled task is the durable artifact that survives a reboot, so task-creation events are the natural place to hunt for this persistence.
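The persistence pattern above (an installer dropping a scheduled task whose action is a script interpreter running a script from a user-writable directory, often with window-hiding or execution-policy flags) can be hunted in Windows Security Event ID 4698 (scheduled task created) records, whose TaskContent field carries the task's XML definition. The following Python is an added example written for this page, not Cisco Talos's detection logic or anything from the campaign itself. The indicator weights, the threshold, and the sample events (including the `\Updater` and `\Render\Cache` task names and paths) are constructed for illustration and are assumptions, not observed campaign indicators.

```python
"""Score Windows Task Scheduler creation events (Security Event ID 4698) for the
installer-drops-scheduled-task persistence pattern: script interpreter as the
action, evasive flags, script under a user-writable path, repeating/logon trigger.
Added example, not the campaign's or Talos's own code; weights are a judgement call."""
import re
import xml.etree.ElementTree as ET

INTERPRETER = re.compile(
    r"(?:^|\\)(?:powershell|pwsh|cmd|wscript|cscript|mshta)(?:\.exe)?$", re.I)
EVASIVE_FLAGS = [
    re.compile(r"-(?:e|enc|encodedcommand)\b", re.I),      # base64-encoded command
    re.compile(r"-(?:w|windowstyle)\s+hidden\b", re.I),    # no visible window
    re.compile(r"-(?:ep|executionpolicy)\s+bypass\b", re.I),
    re.compile(r"-nop(?:rofile)?\b", re.I),
]
USER_WRITABLE = re.compile(
    r"\\(?:AppData|Temp|ProgramData|Users\\Public|Downloads)\\", re.I)
THRESHOLD = 5  # assumed cut-off: interpreter alone (2) is normal, interpreter + user path (5) is not


def _local(tag):
    """Drop the Task Scheduler XML namespace so tag names compare cleanly."""
    return tag.rsplit("}", 1)[-1]


def parse_task_content(xml_text):
    """Extract the action and trigger facts from a 4698 TaskContent document."""
    root = ET.fromstring(xml_text)
    tags = {_local(el.tag): el for el in root.iter()}
    command = (tags["Command"].text or "").strip() if "Command" in tags else ""
    arguments = (tags["Arguments"].text or "").strip() if "Arguments" in tags else ""
    return {"command": command, "arguments": arguments,
            "repeats": "Repetition" in tags, "on_logon": "LogonTrigger" in tags}


def score_task(task):
    """Return (score, reasons) for one parsed task definition."""
    score, reasons = 0, []
    if INTERPRETER.search(task["command"]):
        score += 2
        reasons.append("script interpreter as task action")
    for pat in EVASIVE_FLAGS:
        m = pat.search(task["arguments"])
        if m:
            score += 2
            reasons.append("evasive flag " + m.group(0))
    if USER_WRITABLE.search(task["command"] + " " + task["arguments"]):
        score += 3
        reasons.append("script/binary under a user-writable directory")
    if task["repeats"] or task["on_logon"]:
        score += 1
        reasons.append("repeating or logon trigger")
    return score, reasons


def hunt(events):
    """Score every 4698 event and return the tasks at or above THRESHOLD."""
    findings = []
    for ev in events:
        if ev.get("event_id") != 4698:  # 4702 (task updated) etc. are out of scope here
            continue
        score, reasons = score_task(parse_task_content(ev["task_content"]))
        if score >= THRESHOLD:
            findings.append({"task": ev["task_name"], "score": score, "reasons": reasons})
    return findings


def task_xml(command, arguments, trigger):
    """Build a minimal Task Scheduler XML document (constructed test data only)."""
    return ('<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">'
            f"<Triggers>{trigger}</Triggers><Actions><Exec><Command>{command}</Command>"
            f"<Arguments>{arguments}</Arguments></Exec></Actions></Task>")


# Constructed sample events in the shape of Event ID 4698 records; names and paths are made up.
DAILY = "<CalendarTrigger><ScheduleByDay><DaysInterval>1</DaysInterval></ScheduleByDay></CalendarTrigger>"
EVERY_15M = "<TimeTrigger><Repetition><Interval>PT15M</Interval></Repetition></TimeTrigger>"
LOGON = "<LogonTrigger><Enabled>true</Enabled></LogonTrigger>"
SAMPLE_EVENTS = [
    {"event_id": 4698, "task_name": r"\Corp\ServiceStart",
     "task_content": task_xml(r"C:\Windows\system32\sc.exe", "start wuauserv", DAILY)},
    {"event_id": 4698, "task_name": r"\Corp\InventoryAgent",  # benign admin PowerShell task
     "task_content": task_xml(r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                              r'-NonInteractive -File "C:\Program Files\Corp\inventory.ps1"', DAILY)},
    {"event_id": 4698, "task_name": r"\Updater",  # hidden PowerShell from Temp every 15 minutes
     "task_content": task_xml("powershell.exe",
                              r"-WindowStyle Hidden -ExecutionPolicy Bypass -NoProfile "
                              r"-File C:\Users\designer\AppData\Local\Temp\m3\update.ps1", EVERY_15M)},
    {"event_id": 4698, "task_name": r"\Render\Cache",  # batch file from ProgramData at logon
     "task_content": task_xml(r"C:\Windows\System32\cmd.exe", r"/c C:\ProgramData\lol\launch.bat", LOGON)},
    {"event_id": 4702, "task_name": r"\Updater", "task_content": "<Task/>"},
]

if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f"{f['task']}: score {f['score']} ({'; '.join(f['reasons'])})")
```

On the sample data the benign admin task scores 2 (an interpreter on its own is routine on Windows) while the two constructed dropper-style tasks score 12 and 6, so the threshold separates them; in production the same scoring can be run over 4698 events exported from the Security log or over `schtasks /query /xml` output, and any task flagged should be checked against the script file it points at.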

The payloads delivered through these attacks include a remote access tool called M3_Mini_Rat, which gives the attackers control over infected systems. The RAT can perform system reconnaissance, process management, file system exploration, command-and-control tasks, file management, data transmission, and more. The two other payloads, PhoenixMiner and lolMiner, are publicly available GPU miners that mine cryptocurrency by hijacking the computational power of the victim's graphics card.

The attackers behind this campaign appear to be primarily interested in financial gain. The second attack method, which deploys cryptominers, focuses on swift financial gains at a higher risk of detection. The M3_Mini_Rat payload, on the other hand, allows the attackers to maintain discreet, prolonged access to target systems.

The campaign has primarily affected victims in France and Switzerland, with notable infections in the United States, Canada, Germany, Algeria, and Singapore. To protect against this type of attack, users should download software only from the vendor's official site rather than from search results, verify the installer's digital signature and, where the vendor publishes one, its hash before running it, and keep installers up to date. Defenders should also watch for newly created scheduled tasks that launch PowerShell or batch scripts from user-writable directories, and for sustained GPU utilization on workstations that are otherwise idle.

Source:
– Cisco Talos (no URL provided)
