Crypto mining malware has been sneakily invading hundreds of thousands of computers around the world since 2019, often masquerading as legitimate programs, such as Google Translate, new research has found.
In an Aug. 29 report by Check Point Research (CPR), a research team for American-Israeli cybersecurity provider, Check Point Software Technologies, the malware has been flying under the radar for years, thanks partly to its insidious design which delays instaling the crypto mining malware for weeks after the initial software download.
.@_CPResearch_ detected a #crypto miner #malware campaign, which potentially infected thousands of machines worldwide. Dubbed ‘Nitrokod,” the attack was initially found by Check Point XDR. Get the details, here: https://t.co/MeaLP3nh97 #cryptocurrecy #TechnologyNews #CyberSec pic.twitter.com/ANoeI7FZ1O
— Check Point Software (@CheckPointSW) August 29, 2022
Linked to a Turkish-based-speaking software developer claiming to offer “free and safe software,” the malware program invades PCs through counterfeit desktop versions of popular apps such as YouTube Music, Google Translate and Microsoft Translate.
Once a scheduled task mechanism triggers the malware installation process, it steadily goes through several steps over several days, ending with a stealth Monero (XMR) crypto mining operation being set up.
The cybersecurity firm said that the Turkish-based crypto miner dubbed ‘Nitrokod’ has infected machines across 11 countries.
According to CPR, popular software downloading sites like Softpedia and Uptodown had forgeries available under the publisher name “Nitrokod INC”.
Some of the programs had been downloaded hundreds of thousands of times, such as the fake desktop version of Google Translate on Softpedia, which even had nearly a thousand reviews, averaging a star score of 9.3 out of ten, despite Google not having an official desktop version for that program.
According to Check Point Software Technologies, offering a desktop version of apps is a key part of the scam.
Most programs offered by Nitrokod don’t have a desktop version, making the counterfeit software appealing to users who think they’ve found a program unavailable anywhere else.
According to Maya Horowitz, VP of Research at Check Point Software, the malware riddled fakes are also available “by a simple web search”.
“What’s most interesting to me is the fact that the malicious software is so…
Click Here to Read the Full Original Article at Cointelegraph.com News…