Thousands of PCs in 11 countries have been infected by this ingenious virus, which poses as legitimate desktop applications and causes infected machines to mine Monero (XMR) without their users’ knowledge.
A recent study claims that since 2019, crypto mining malware has been quietly infecting thousands of computers worldwide, commonly by passing itself off as reputable programs like Google Translate. In a report published on Monday, Check Point Research (CPR), the research team of the American-Israeli cybersecurity business Check Point Software Technologies, found that the virus has been functioning undetected for years. This is partly because of the malware’s clever architecture, which delays the installation of the crypto mining component for weeks after the first program download.
What to Look Out For?
The malicious application infects computers using phony desktop versions of popular tools like Microsoft Translator, Google Translate, and YouTube Music. The malware is connected to a Turkish-speaking software creator that promotes open-source, safe software. The infection process is staged gradually over many days via a scheduled task mechanism, after which a covert Monero (XMR) crypto mining operation is set up. According to the cybersecurity firm, computers in 11 different countries were attacked by the “Nitrokod” miner, which has headquarters in Turkey. CPR claims that fake software with the publisher name Nitrokod INC was available on popular software download portals, including Softpedia and Uptodown.
The fake desktop version of Google Translate on Softpedia has nearly 1000 ratings and an average star rating of 9.3 out of 10, even though Google doesn’t offer an official desktop version of that program. Numerous apps have received hundreds of thousands of downloads.
Offering a desktop version of these apps, according to Check Point Software Technologies, is a key component of the scam. Most of the programs Nitrokod imitates have no official desktop version, which draws users who think they have found software that isn’t available elsewhere.