Graphic Designers and 3D Modelers Targeted by Cryptocurrency-Mining Malware
Security researchers at Cisco Talos have uncovered a campaign that specifically targets graphic designers and 3D modelers. The attackers bundle cryptocurrency-mining malware into software installers in order to hijack the powerful Graphics Processing Units (GPUs) that workstations in these creative fields are equipped with.
How the Attack Unfolds
According to the Cisco Talos advisory, the campaign has been active since at least November 2021. The attackers use Advanced Installer, a legitimate Windows software-packaging tool, to bundle cryptocurrency-mining malware with installers for legitimate software such as Adobe Illustrator and Autodesk 3ds Max.
The choice of graphic-design and 3D-modeling software is deliberate: the workstations that run it have high-end GPUs, exactly the hardware the miners need. Advanced Installer's Custom Actions feature lets a package author run scripts and executables at chosen points during installation; the threat actors abuse it to insert malicious scripts into the installation process, and those scripts deploy the payloads.
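Custom actions are recorded in the MSI's CustomAction table, so a package can be triaged before it is ever run. The following is an added example written for this page (not code from Cisco Talos or from Advanced Installer): it opens an MSI read-only through the Windows Installer COM object, lists every custom action, decodes the action type, and flags the ones that execute a DLL, EXE, script or nested package. The function name, the Review heuristic and the sample path are assumptions.

```powershell
# Added example (the editor's, not code from Cisco Talos or Advanced Installer): list the custom
# actions an MSI would run and flag the ones that execute code, so you can read them before
# installing. Needs Windows (WindowsInstaller.Installer COM object). The package is opened
# read-only (mode 0) and nothing inside it is executed. The Review heuristic is an assumption.
function Get-MsiCustomAction {
    param([Parameter(Mandatory = $true)][string]$MsiPath)

    $installer = New-Object -ComObject WindowsInstaller.Installer
    $db   = $installer.GetType().InvokeMember('OpenDatabase', 'InvokeMethod', $null, $installer, @($MsiPath, 0))
    $sql  = 'SELECT `Action`, `Type`, `Source`, `Target` FROM `CustomAction`'
    $view = $db.GetType().InvokeMember('OpenView', 'InvokeMethod', $null, $db, $sql)
    $view.GetType().InvokeMember('Execute', 'InvokeMethod', $null, $view, $null) | Out-Null

    # The low six bits of Type select the kind of action (Windows Installer SDK, CustomAction table);
    # the higher bits are scheduling flags. Everything except 19/35/51 runs code of some form.
    $kinds = @{
        1 = 'DLL from Binary table';  2 = 'EXE from Binary table';  5 = 'JScript from Binary table'; 6 = 'VBScript from Binary table'
        7 = 'Nested MSI';             17 = 'DLL, installed file';   18 = 'EXE, installed file';      21 = 'JScript file'
        22 = 'VBScript file';         34 = 'EXE in directory';      37 = 'JScript inline';           38 = 'VBScript inline'
        50 = 'EXE from property';     53 = 'JScript from property'; 54 = 'VBScript from property'
        19 = 'Error message';         35 = 'Set directory';         51 = 'Set property'
    }
    $harmless = 19, 35, 51

    while ($true) {
        $rec = $view.GetType().InvokeMember('Fetch', 'InvokeMethod', $null, $view, $null)
        if ($null -eq $rec) { break }
        $name   = $rec.GetType().InvokeMember('StringData', 'GetProperty', $null, $rec, 1)
        $type   = [int]$rec.GetType().InvokeMember('StringData', 'GetProperty', $null, $rec, 2)
        $source = $rec.GetType().InvokeMember('StringData', 'GetProperty', $null, $rec, 3)
        $target = $rec.GetType().InvokeMember('StringData', 'GetProperty', $null, $rec, 4)
        $base   = $type -band 0x3F
        $kind   = if ($kinds.ContainsKey($base)) { $kinds[$base] } else { "type $base" }

        [pscustomobject]@{
            Action        = $name
            Kind          = $kind
            Deferred      = [bool]($type -band 0x400)   # msidbCustomActionTypeInScript
            NoImpersonate = [bool]($type -band 0x800)   # deferred + this flag = runs as LocalSystem
            HiddenTarget  = [bool]($type -band 0x2000)  # msidbCustomActionTypeHideTarget: Target kept out of the install log
            Review        = $base -notin $harmless      # executes a DLL, EXE, script or nested package
            Source        = $source
            Target        = $target
        }
    }
}

# Usage: show only the code-running actions of a downloaded installer (path is an assumption).
Get-MsiCustomAction -MsiPath 'C:\Users\designer\Downloads\setup.msi' |
    Where-Object Review | Format-Table Action, Kind, Deferred, NoImpersonate, Source, Target -Wrap
```

A row in CustomAction only executes if it is scheduled in InstallExecuteSequence or InstallUISequence (or fired from a dialog control event), so follow the flagged action names into those tables to see when they run. Deferred actions with NoImpersonate set run as LocalSystem, and HiddenTarget keeps the command out of the installer log, which makes both flags worth a second look in a package that should only be copying files. If the download is an EXE wrapper rather than an MSI, extract the embedded MSI first and triage that.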
Types of Malware Used
The payloads deployed in this campaign include the M3_Mini_Rat client stub, which gives the attackers a backdoor into the infected machine, and the cryptocurrency miners PhoenixMiner and lolMiner, the latter a versatile multi-algorithm miner.
Callie Guenther, cyber threat research senior manager at Critical Start, highlighted the profitability of cryptocurrency mining on machines with high-end GPUs. The malware can operate discreetly in the background, consuming minimal resources and potentially evading detection by users.
Global Impact
While the campaign predominantly targets French-speaking users, mainly in France and Switzerland, isolated infections have also been observed in the United States, Canada, Algeria, Sweden, Germany, Tunisia, Madagascar, Singapore, and Vietnam.
Protecting Against Attacks
Graphic designers and 3D modelers are urged to exercise caution when installing software, and in particular to obtain installers from the vendor rather than from third-party download sites, to reduce the risk of falling victim to such attacks. Shawn Surber, senior director of technical account management at Tanium, emphasized the importance of collaboration between operations and security teams to detect and respond to subtle and persistent threats like this.
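On the detection side, a GPU miner has two properties a defender can use: it keeps the GPU busy for long stretches with no window open, and, like PhoenixMiner and lolMiner, it is normally told which mining pool to contact on its command line. The following is an added example written for this page (not code from Cisco Talos, Critical Start or Tanium): it reads Windows' per-process GPU Engine performance counters, pairs the busy processes with their command lines, and reports anything that names a pool or that uses the GPU heavily without being on the workstation's list of known GPU applications. The function name, threshold, allowlist and regular expression are assumptions, not published indicators.

```powershell
# Added example (the editor's; not from Cisco Talos, Critical Start or Tanium): find the processes
# that are actually driving the GPU and pair each with its command line. Miners such as PhoenixMiner
# and lolMiner take the pool as a command-line argument, so a GPU-heavy process that names a pool,
# or that is not on the workstation's list of known GPU applications, stands out even when it has no
# window. Needs Windows 10 or later (GPU Engine performance counters) and, to read other users'
# command lines, an elevated shell. Threshold, allowlist and regex are assumptions, not published IOCs.
function Find-SuspiciousGpuProcess {
    param(
        [int]$MinGpuPercent = 30,
        [string[]]$KnownGpuApps = @('Illustrator.exe', '3dsmax.exe', 'dwm.exe'),
        [string]$PoolPattern = 'stratum\+(tcp|ssl|tls)://|(^|\s)-{1,2}(pool|wal|user|worker)(\s|=)'
    )

    # Counter instances look like pid_1234_luid_..._engtype_3D; one process has several engines,
    # so sum its utilization across all of them. ($PID is a read-only automatic variable, hence $procId.)
    $samples  = (Get-Counter '\GPU Engine(*)\Utilization Percentage' -ErrorAction Stop).CounterSamples
    $gpuByPid = @{}
    foreach ($s in $samples) {
        if ($s.InstanceName -match '^pid_(\d+)_') {
            $procId = [int]$Matches[1]
            $gpuByPid[$procId] = [double]$gpuByPid[$procId] + $s.CookedValue
        }
    }

    foreach ($p in Get-CimInstance Win32_Process) {
        $procId = [int]$p.ProcessId
        if (-not $gpuByPid.ContainsKey($procId)) { continue }
        $pct     = [math]::Round($gpuByPid[$procId], 1)
        $cmd     = [string]$p.CommandLine
        $poolHit = $cmd -match $PoolPattern
        $unknown = ($pct -ge $MinGpuPercent) -and ($p.Name -notin $KnownGpuApps)
        if ($poolHit -or $unknown) {
            [pscustomobject]@{
                ProcessId   = $procId
                Name        = $p.Name
                GpuPercent  = $pct
                PoolArgs    = $poolHit      # command line names a mining pool
                Unknown     = $unknown      # heavy GPU use by something not on the allowlist
                Path        = $p.ExecutablePath
                CommandLine = $cmd
            }
        }
    }
}

# Usage: run it a few times some minutes apart; a miner stays busy, a render job finishes.
Find-SuspiciousGpuProcess | Format-Table ProcessId, Name, GpuPercent, PoolArgs, Unknown, Path -Wrap
```

Two caveats. A miner can be renamed, and its pool can be read from a config file instead of the command line, so the name and argument checks are corroboration, not proof; pair them with network telemetry for connections to mining-pool ports. And a miner configured to throttle itself, as the quoted researchers note these tend to do to stay unnoticed, may sit under a 30% threshold, so lower the threshold or sample over a longer window on workstations where the GPU should be idle.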
This incident serves as a reminder of the need for organizations to remain vigilant and employ a holistic approach to cybersecurity to safeguard against evolving threats.