September 8, 2023 | Cisco Talos researchers uncovered a cryptocurrency-mining scheme targeting graphic designers and 3D modelers. The campaign has been active since November 2021, and the attackers use the legitimate Windows tool “Advanced Installer” to bundle mining malware with software like Adobe Illustrator. They focus on graphic design and 3D modeling tools because of the high GPU power associated with them, which is ideal for mining. Malicious scripts hidden in the installation process deploy threats such as the M3_Mini_Rat backdoor and mining malware (PhoenixMiner, lolMiner). The campaign, which mainly affects French-speaking users, underscores the need for caution when installing software. Because such campaigns are persistent and difficult to detect, they also highlight the importance of collaboration between operations and security teams.