Hackers have been using a Windows tool to drop cryptocurrency-mining malware since November 2021, according to an analysis from Cisco’s Talos Intelligence. The attacker exploits Windows Advanced Installer — an application that helps developers package other software installers, such as Adobe (NASDAQ:ADBE) Illustrator — to execute malicious scripts on infected machines.
According to a Sept. 7 blog post, the software installers affected by the attack are mainly used for 3D modeling and graphic design. Additionally, most of the software installers used in the malware campaign are written in French. The findings suggest that the “victims are likely across business verticals, including architecture, engineering, construction, manufacturing, and entertainment in French language-dominant countries," explains the analysis.