Crypto mining malware has infiltrated hundreds of thousands of computers since 2019, often masquerading as legitimate programs like Google Translate, according to new research.
The research was released Monday by US-Israeli cybersecurity provider Check Point Software Technologies. According to Check Point Research (CPR), the malware has so far gone unnoticed because it installs the cryptomining software weeks after it is first downloaded.
.@_CPResearch_ found a #crypto miner #malware campaign, which potentially infected thousands of machines worldwide. Dubbed “Nitrokod,” the attack was initially found by Check Point XDR. Get the details here: #cryptocurrency #TechnologyNews #CyberSec
— Check Point Software (@CheckPointSW) August 29, 2022
The malicious program, which is in Turkish and is associated with a software developer that claims to offer “safe and free software,” gains access to personal computers via fake versions of popular websites such as YouTube Music, Google Translate and Microsoft Translate.
Once the scheduled task mechanism triggers the software installation process, it passes through phases that take several days, and eventually a Monero (XMR) mining operation is set up.
The cyber security company announced that the Turkish crypto mining software “Nitrokod” has spread to 11 countries.
According to CPR, popular software download sites like Softpedia and Uptodown are hosting fake versions under the publisher name Nitrokod INC.
Some programs, like the fake Google Translate desktop version on Softpedia, have been downloaded hundreds of thousands of times and even scored 9.3 points with thousands of comments. However, Google does not have an official desktop version of this program.
Check Point Software Technologies added that offering desktop versions of applications that do not officially exist is key to the fraud. Most of the programs that Nitrokod offers do not have an official desktop version.
Thousands of users from Israel, Germany, UK, USA, Sri Lanka, Cyprus, Australia, Greece, Turkey, Mongolia and Poland have fallen victim to this extensive scam.