Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Crypto Heist Hits Graphic Designers

September 8, 2023
Reading Time: 2 mins read
in Alerts

Cyber attackers have been running a cryptocurrency-mining campaign aimed at 3D modelers and graphic designers since November 2021. Their method involves using modified versions of legitimate Windows installer tools, specifically Advanced Installer, to conceal malware within software installers commonly used by creative professionals.

The attackers exploit Advanced Installer’s “Custom Action” feature to execute malicious scripts that deliver various payloads, including the M3_Mini_Rat client stub backdoor, the Ethereum cryptomining malware PhoenixMiner, and the multi-coin mining threat lolMiner. While most victims are in France and Switzerland, the campaign has also targeted individuals and organizations in the US, Canada, Algeria, Sweden, Germany, Tunisia, Madagascar, Singapore, and Vietnam.

Industries such as architecture, engineering, construction, manufacturing, and entertainment are among those affected, as they often employ professionals with high GPU specifications and powerful graphics cards, making them attractive targets for crypto mining.

Cisco Talos’ report outlines two attack methods employed by the attackers. The first method involves bundling a malicious script with legitimate software installers, using Advanced Installer’s Custom Action feature to establish a backdoor and configure the task scheduler on the victim’s machine. The second method also utilizes Advanced Installer and Custom Actions to drop malicious batch scripts, leading to the installation of PowerShell loaders that execute malicious payloads, including PhoenixMiner and lolMiner.

What sets this campaign apart is the use of PhoenixMiner, which can be intentionally installed by users, making it harder to detect. The attackers’ use of lolMiner enables them to mine multiple cryptocurrencies simultaneously, increasing their potential financial gains. Additionally, the deployment of the M3_Mini_RAT, with its remote administration capabilities, provides insight into victims’ environments and hints at future attacks, making this campaign particularly concerning.

References:
  • GPU-thirsty hackers target architects, designers with cryptomining malware
  • Cybercriminals target graphic designers with GPU miners
Tags: 3D modelersCryptocurrencyCyber AlertCyber Alerts 2023CybersecurityFake installerGraphic designerMalwareSeptember 2023VulnerabilitiesWindows
ADVERTISEMENT

Related Posts

hpingbot Botnet Uses Pastebin C2 Channel

APT36 Targets Indian Defense Linux Systems

July 7, 2025
hpingbot Botnet Uses Pastebin C2 Channel

Hackers Abuse Driver Signing For Malware

July 7, 2025
hpingbot Botnet Uses Pastebin C2 Channel

hpingbot Botnet Uses Pastebin C2 Channel

July 7, 2025
Malicious Firefox Add Ons Steal Crypto Keys

Malicious Firefox Add Ons Steal Crypto Keys

July 4, 2025
Google Removes 352 ‘IconAds’ Fraud Apps

Google Removes 352 ‘IconAds’ Fraud Apps

July 4, 2025
Browser Cache Attack Bypasses Web Security

Browser Cache Attack Bypasses Web Security

July 4, 2025

Latest Alerts

APT36 Targets Indian Defense Linux Systems

hpingbot Botnet Uses Pastebin C2 Channel

Hackers Abuse Driver Signing For Malware

Google Removes 352 ‘IconAds’ Fraud Apps

Malicious Firefox Add Ons Steal Crypto Keys

Browser Cache Attack Bypasses Web Security

Subscribe to our newsletter

    Latest Incidents

    Ransomware Attack Causes Outage at Ingram

    Call of Duty Players Hacked on Game Pass

    RansomHub Claims Theft of Coppell City Data

    Tech Incubator IdeaLab Discloses Data Breach

    Brazil’s CIEE One Exposes 248,000 Records

    McLaughlin & Stern Discloses Data Breach

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial