Cybercriminals are using a legitimate Windows tool called Advanced Installer to spread cryptocurrency-mining malware. The malware is being distributed in malicious installers for legitimate software, such as Adobe Illustrator, Autodesk 3ds Max, and SketchUp Pro.
The campaign targets users in the architecture, engineering, construction, manufacturing, and entertainment sectors. These industries rely on computers with high Graphics Processing Unit (GPU) power for their day-to-day operations, making them lucrative targets for cryptojacking.
The malicious installers are hosted on websites that appear to be legitimate. They are designed to look like genuine software installers, but they contain malicious code.
When the malicious installer is opened, it installs the malware on the victim’s computer. The malware then uses the victim’s computer to mine cryptocurrency, such as Bitcoin or Ethereum. This can significantly slow down the computer and consume its resources.
Spear phishing
The cybercriminals behind this attack are using a technique called “spear phishing” to target specific victims. Spear phishing involves sending emails that are specifically tailored to the victim. In this case, the emails are being sent to users in the architecture, engineering, construction, manufacturing, and entertainment sectors.
The emails contain links to malicious websites that host the malicious installers. The emails also use social engineering techniques to trick the victim into clicking on the links.
Preventing cryptojacking attacks
Users can protect themselves from this attack by being careful about what software they install on their computer. Only install software from trusted sources. Users should also keep their software up to date. Software updates often include security patches that can help protect users from malware.
Users should also be careful about what websites they visit and what links they click on. If a user receives an email from an unknown sender, they should be suspicious of any links in the email. Users should never click on links in emails from unknown senders.
If a user thinks they may have been infected with the malware, they should contact their security solution provider or a cybersecurity expert for help.
Here are some additional tips to help users stay safe from cryptojacking attacks:
- Use a firewall to block unauthorized access to your computer.
- Keep your operating system and software up to date with the latest security patches.
- Be careful about what websites you visit and what links you click on.
- Use a reputable antivirus program and keep it up to date.
- Monitor your computer’s performance for any unusual activity.
Advanced Installer
Advanced Installer is a Windows installer authoring tool that simplifies how you package and update your software on Windows. It offers a friendly and easy-to-use Graphical User Interface (GUI) for creating and maintaining installation packages (EXE, MSI, etc.) based on the Windows Installer technology. It has been used by developers, ISVs, and enterprises for building MSI installers for over 20 years.
The tool provides support for MSIX technology.
Advanced Installer is easy to use, allowing you to install, update, and configure your products safely, securely, and reliably. It also offers features such as MSIX packaging, Visual Studio integration, continuous integration, team collaboration, extensibility with custom code, customizable GUIs, internationalization support, cloud and desktop deployment options, and more.