Attackers Leverage Windows Advanced Installer to Drop Cryptocurrency Malware

Advanced Installer, a legitimate windows tool, is being hijacked by threat actors, in order to create software packages to drop cryptocurrency mining malware on computers. The main targets are heavy users of 3D modeling and graphic design in France and Germany. In this SC Magazine article, Critical Start’s Senior Manager of Cyber Threat Research, Callie Guenther, discusses the various methods and motivations these attackers may use to choose their targets.

Newsletter Signup

Stay up-to-date on the latest resources and news from CRITICALSTART.

Don’t Fear Risk. Manage It.


CRITICALSTART® and MOBILESOC® are federally registered trademarks owned by Critical Start. Critical Start also claims trademark rights in the following: Cyber Operations Risk & Response™ platform, and Trusted Behavior Registry®. Any unauthorized use is expressly prohibited.