
Turkish cryptominer called Nitrokod has infected machines in 11 countries

  • September 1, 2022

Cryptomining malware has secretly infected hundreds of thousands of computers around the world since 2019, often masquerading as legitimate programs like Google Translate, new research shows.

Disguised as legitimate desktop software, the malware infected thousands of devices in 11 countries, forcing them to unknowingly mine Monero (XMR).

In an Aug. 29 report, Check Point Research (CPR), the research team of American-Israeli cybersecurity provider Check Point Software Technologies, revealed that the malware went undetected for years, thanks partly to its insidious design, which delays installing the cryptomining malware for weeks after the initial software download.

Linked to a Turkish-speaking software developer claiming to offer “free and safe software,” the malware program infects computers through fake desktop versions of popular programs such as YouTube Music, Google Translate, and Microsoft Translate.

Once a scheduled task triggers the malware installation process, it works through several steps over the course of several days and then starts a covert Monero (XMR) mining operation.

The cybersecurity firm claimed that the Turkish-based crypto miner dubbed ‘Nitrokod’ has infected machines across 11 countries.

According to CPR, popular software downloading sites like Softpedia and Uptodown had forgeries available under the publisher name “Nitrokod INC”. 

Some of the apps have been downloaded hundreds of thousands of times, like the fake desktop version of Google Translate on Softpedia, which has nearly a thousand reviews, although Google doesn’t have an official desktop version of this program.

Check Point Software Technologies claimed that offering a desktop version of apps is a key part of the scam.

Most of the programs offered by Nitrokod do not have an official desktop version, which makes the fakes attractive to users who believe the software is not available elsewhere.

 

According to Maya Horowitz, VP of Research at Check Point Software, the malware-riddled fakes are also available “by a simple web search”.

Detecting the malware is more difficult because even when the user runs the fake software they are none the wiser, since the fake programs can imitate the same functions that the legitimate program provides.

Most of the fake programs are easily built from the official web pages using a Chromium-based framework, which allows the attackers to distribute working programs loaded with malware without having to develop them from scratch.

So far, over one hundred thousand people across Israel, Germany, the U.K., America, Sri Lanka, Cyprus, Australia, Greece, Turkey, Mongolia, and Poland have all fallen victim to the malware.

To avoid getting scammed by this malware and others like it, Horowitz says several basic security tips can help reduce the risk.

“Beware of lookalike domains, spelling errors in websites, and unfamiliar email senders. Only download software from authorized, known publishers or vendors and ensure your endpoint security is up to date and provides comprehensive protection.”

 

 
