A cryptocurrency mining malware has been stealthily invading hundreds of thousands of computers worldwide since 2019, often masquerading as legitimate programs like Google Translate, new research has found.
In a Monday report, Check Point Research (CPR), the research team of the American-Israeli cybersecurity vendor Check Point Software Technologies, revealed that the malware has been flying under the radar for years, thanks in part to a design that delays installation of the cryptocurrency miner for weeks after the software’s initial download.
.@_CPResearch_ detected a #crypto mining #malware campaign, which potentially infected thousands of machines worldwide. Dubbed ‘Nitrokod,’ the attack was initially found by Check Point XDR. Get the details here: https://t.co/MeaLP3nh97 #cryptocurrency #TechnologyNews #CyberSec pic.twitter.com/ANOEI7FZ1O
— CheckPoint Software (@CheckPointSW) August 29, 2022
Linked to a Turkish-speaking software developer claiming to offer “free and secure software”, the malware invades PCs via counterfeit desktop versions of popular apps like YouTube Music, Google Translate, and Microsoft Translate.
Once a scheduled task mechanism triggers the malware installation process, the malware follows several steps over several days, ending with the installation of a Monero (XMR) cryptocurrency mining operation.
The cybersecurity company said that the Turkey-based cryptocurrency miner, nicknamed “Nitrokod”, has infected machines in 11 countries.
According to CPR, popular software download sites like Softpedia and Uptodown had counterfeits available under the publisher name Nitrokod INC.
Some of the programs had been downloaded hundreds of thousands of times, like the fake desktop version of Google Translate on Softpedia, which even had nearly a thousand reviews, with an average score of 9.3 out of 10, even though Google doesn’t have an official desktop version for that program.
According to Check Point Software Technologies, offering a desktop version of the apps is a key part of the scam.
Most of the programs offered by Nitrokod do not have a desktop version, which makes counterfeit software attractive to users who think they have found a program that is not available anywhere else.
According to Maya Horowitz, vice president of research at Check Point Software, malware-ridden fakes are also available “with a simple web search”.
“What’s most interesting to me is the fact that malware is so popular, yet it went under the radar for so long.”
At the time of writing this article, Nitrokod’s Google Translate Desktop copycat remains a top search result.
Design helps avoid detection
The malware is particularly difficult to detect: even when a user launches the fake software, they do not realize anything is wrong, because the fake apps also mimic the same features offered by the legitimate app.
Most of the hackers’ programs are easily built from official websites using a Chromium-based framework, allowing them to spread functional malware-laden programs without the need to develop them from scratch.
So far, more than 100,000 people in Israel, Germany, the UK, the US, Sri Lanka, Cyprus, Australia, Greece, Turkey, Mongolia and Poland have fallen victim to the malware.
To avoid being scammed by this and similar malware, Horowitz says several basic safety tips can help reduce the risk.
“Beware of look-alike domains, website misspellings, and unknown email senders. Only download software from known and authorized publishers or vendors, and make sure your endpoint security is up-to-date and offers complete protection.”