Cryptocurrency

Fake Google Translate installs crypto miners on 112,000 machines.

A new study shows that crypto mining malware has made its way onto hundreds of thousands of devices around the world since 2019. Sometimes it does this by posing as legitimate tools like Google Translate. Check Point Research (CPR), a research team for the American-Israeli cybersecurity company Check Point Software Technologies, said in a report that came out on August 29 that the malware has stayed hidden for years, in part because of its stealthy design, which delays the installation of the crypto mining malware for weeks after the software is first downloaded.

The malware is linked to a Turkish-speaking software company that says it makes “free and safe software.” It gets onto computers through fake desktop versions of popular apps like YouTube Music, Google Translate, and Microsoft Translate.

Once a scheduled task starts the malware installation process, it goes through several steps over the course of a few days. At the end, a secret Monero (XMR) cryptocurrency mining operation is set up.

The cybersecurity firm reported that the “Nitrokod” cryptocurrency miner, which originated in Turkey, attacked computers in eleven nations.

According to CPR, major software download sites like Softpedia and Uptodown offered the counterfeits under the publisher name “Nitrokod INC.”

Some of the apps have been downloaded hundreds of thousands of times, such as the fake desktop version of Google Translate on Softpedia, which had nearly a thousand reviews with an average star rating of 9.3 out of 10.

Check Point Software Technologies says that a key part of the scheme is offering desktop versions of applications.

Most of the apps Nitrokod offers do not have official desktop versions, which makes the counterfeit software enticing to consumers who believe they have discovered a programme that is unavailable elsewhere.

Maya Horowitz, vice president of research at Check Point Software, says that fakes that have malware on them can also be found by doing a simple web search.

“What fascinates me the most is how long the harmful programme remained undetected despite its popularity.”

At the time this article was written, Nitrokod’s copy of Google Translate Desktop was still one of the top search results.

Design Prevents Detection

Even when a user launches the phoney software, they remain oblivious to the fact that it is malicious since the fake applications may imitate the capabilities that the original programme delivers.

Using a Chromium-based framework, the attackers can build most of their apps from the real web pages. This lets them spread working, malware-laden apps without having to develop them from scratch.

Over 100,000 people have been infected in Israel, Germany, the United Kingdom, the United States, Sri Lanka, Cyprus, Australia, Greece, Turkey, Mongolia, and Poland.

Horowitz says that a few basic security steps can make it less likely that you will get this malware or something like it.

“Beware of lookalike domains, spelling problems on webpages, and unknown email senders. Download software only from reputable, authorised publishers or suppliers, and ensure that your endpoint security is current and provides complete protection.”
