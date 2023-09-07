城市生活

Cybercriminals use Windows Installer to infect graphic designers' computers with cryptocurrency miners

By 薇琪斯塔夫羅普盧

September 7, 2023

Cybercriminals have found a new way to target graphic designers: infecting their computers with cryptocurrency miners. The attackers use a legitimate Windows tool called ‘Advanced Installer’ to distribute malicious scripts disguised as installers for popular 3D modeling and graphic design software.

The campaign, discovered by Cisco Talos, has been active since at least November 2021. The attackers likely use black hat search engine optimization (SEO) techniques to promote the trojanized installers. When users download and run them, they unknowingly install remote access trojans (RATs) and cryptomining payloads.

Graphic designers, animators, and video editors are the primary targets of this campaign. These professionals often work on computers with powerful GPUs that deliver higher mining hash rates, which makes them more profitable for the attackers.

Cisco’s analysts identified two distinct attack methods used in this campaign. Both use Advanced Installer to build installer files packed with malicious PowerShell and batch scripts, which execute when the installer is launched. The first method sets up a recurring task that runs a PowerShell script to decrypt the final payload. The second method drops two malicious scripts that create scheduled tasks to run PowerShell scripts.

The payloads delivered through these attacks include a remote access tool called M3_Mini_Rat, which gives the attackers control over infected systems. The RAT can perform system reconnaissance, process management, file system exploration, command-and-control tasks, file management, data transmission, and more. The other two payloads, PhoenixMiner and lolMiner, mine cryptocurrency by hijacking the computational power of the graphics cards.

The attackers behind this campaign appear to be motivated primarily by financial gain. The second attack method, which deploys cryptominers, aims for quick profit at a higher risk of detection. The M3_Mini_Rat payload, by contrast, lets the attackers maintain discreet, prolonged access to the target systems.

The campaign has primarily affected victims in France and Switzerland, with notable infections in the United States, Canada, Germany, Algeria, and Singapore. To protect against this type of attack, users should be cautious when downloading software from unofficial sources and make sure they are using legitimate, up-to-date installers.
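As an added example (not code from the article or from Cisco Talos), the following PowerShell hunt looks for the persistence pattern described above: scheduled tasks whose action runs PowerShell with hiding, encoding or policy-bypass switches, or from a user-writable directory. The directory list and switch patterns are assumptions; review every hit manually, since legitimate software also registers PowerShell tasks.

```powershell
# Added example, not code from the article or from Cisco Talos.
# Lists enabled scheduled tasks whose action launches PowerShell with
# hiding/encoding/bypass switches or from a user-writable directory.
# Run from an elevated prompt to also see tasks registered by other accounts.

function Get-SuspiciousPowerShellTasks {
    [CmdletBinding()]
    param(
        # Assumption: where a dropped script would typically live (expanded and literal forms).
        [string[]]$UserWritableRoots = @($env:ProgramData, $env:APPDATA, $env:LOCALAPPDATA,
                                         $env:TEMP, $env:PUBLIC, '%ProgramData%', '%AppData%',
                                         '%LocalAppData%', '%Temp%', '%Public%'),
        # Assumption: switches rarely seen in legitimate tasks; extend as needed.
        [string]$SuspiciousSwitchPattern = '(?i)-(e|ec|enc|encodedcommand)\b|-w(indowstyle)?\s+hidden|-e(p|xecutionpolicy)\s+bypass'
    )

    Get-ScheduledTask | Where-Object { $_.State -ne 'Disabled' } | ForEach-Object {
        $task = $_
        foreach ($action in $task.Actions) {
            # Only exec actions carry Execute/Arguments; COM-handler actions are skipped.
            if (-not $action.Execute) { continue }
            if ($action.Execute -notmatch '(?i)(powershell|pwsh)(\.exe)?"?$') { continue }
            $argText = [string]$action.Arguments

            $reasons = @()
            foreach ($m in [regex]::Matches($argText, $SuspiciousSwitchPattern)) {
                $reasons += "switch:$($m.Value)"
            }
            foreach ($root in $UserWritableRoots) {
                if ($root -and $argText.IndexOf($root, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
                    $reasons += "path:$root"
                }
            }
            if ($reasons.Count -eq 0) { continue }

            $info = Get-ScheduledTaskInfo -TaskName $task.TaskName -TaskPath $task.TaskPath
            [pscustomobject]@{
                Task        = $task.TaskPath + $task.TaskName
                Author      = $task.Author
                RunsAs      = $task.Principal.UserId
                Triggers    = ($task.Triggers | ForEach-Object { $_.CimClass.CimClassName -replace '^MSFT_Task', '' }) -join ','
                LastRunTime = $info.LastRunTime
                Arguments   = $argText
                Reasons     = $reasons -join '; '
            }
        }
    }
}

# Usage: print the hits with long argument strings wrapped so they stay readable.
Get-SuspiciousPowerShellTasks | Format-Table -AutoSize -Wrap
```

The Reasons column explains why each task was flagged, so a recurring task that runs a script from ProgramData with hidden window and bypass switches will show all three indicators together.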

Sources:
– Cisco Talos (no URL provided)
