Check Point Research (CPR), the research team of American-Israeli cybersecurity provider Check Point Software Technologies, has uncovered a Monero mining malware dubbed “Nitrokod” that has been sneakily infecting computers across 11 countries since 2019.
In a report, the research team stated the malware often masqueraded as desktop versions of popular applications such as Google Translate, YouTube Music, and Microsoft Translate. These spoof versions are available on dozens of free software download websites, including Softpedia and Uptodown.
In the case of the fake Google Translate desktop app, on which the team based their findings, the research notes that the Turkish-based entity that operates the digital asset mining malware campaign is counting on the lack of an official desktop app to attract users to the app.
“Most of the programs Nitrokod offers are popular software that do not have an official desktop version. For example, the most popular Nitrokod program is the Google Translate desktop application. Google has not released an official desktop version, making the attackers’ version very appealing,” the report said.
The study found that the malware campaign has remained undetected until now due to how it operates. The malware delays initiating the stealth digital asset mining operation for several weeks after the initial software download. It does this by using a scheduled task mechanism that triggers the malware installation over several days and steps while deleting traces of the installation.
Surprisingly, the hackers do not even have to build fake apps from scratch as they are easily created from the official web pages of the owners using a Chromium-based framework that allows them to spread functional programs.
Monero getting increasingly linked to cyber criminals
Check Point estimates that at least one hundred thousand victims across Israel, Germany, the United Kingdom, the United States, Sri Lanka, Cyprus, Australia, Greece, Turkey, Mongolia, and Poland have been inadvertently mining Monero (XMR) with their CPU.
Meanwhile, this is not the first time malwares that insidiously mine the privacy token have been found infecting machines. In an incident in January, New York-based cybersecurity company ReasonLabs found that one such malware was masquerading as a leaked version of the Marvel blockbuster movie “Spiderman: Far from Home.”
Meanwhile, a CNBC report notes that more and more cybercriminals have been ditching other digital assets like BTC for Monero. They are attracted by the fact the privacy token hides virtually all transaction details.
Watch: The BSV Global Blockchain Convention presentation, Sentinel Node: Blockchain Tools to Improve Cybersecurity
New to blockchain? Check out CoinGeek’s Blockchain for Beginners section, the ultimate resource guide to learn more about blockchain technology.