Crypto mining malware impersonates Google translate desktop, other legitimate apps

2022-8-31 22:21

Israeli-based cyber threat intelligence firm, Check Point Research (CPR) unmasked a malicious crypto mining malware campaign dubbed Nitrokod as the perpetrator behind the infection of thousands of machines across 11 countries in a report published on Sunday.

Crypto miner malware, also known as cryptojackers, is a type of malware that exploits the computing power of infected PCs to mine cryptocurrency.

Nitrokod has been impersonating Google Translate Desktop and other free software on websites to launch crypto miner malware and infect PCs.  When unsuspecting users search for “Google Translate Desktop download”, the malicious link to the malware-infected software appears at the top of Google Search results.

Since 2019, the malware has been operating with a multi-stage infection process, starting off by delaying contaminating the infection process until a few weeks after the users download the malicious link. They also remove traces of the original installation, keeping the malware-free from detection by anti-virus programs.

“Once the user launches the new software, an actual Google Translate application is installed,” the CPR report read. This is where victims encounter realistic-looking programs with a Chromium-based framework that directs the user from the Google Translate webpage and tricks them into downloading the fake application.

In the next stage, the malware schedules tasks to clear logs to remove related files and evidence and the next stage of the infection chain will continue after 15 days multi-stage approach helps the malware avoid being detected in a sandbox set up by security researchers.

“In addition, an updated file is dropped, which starts a series of four droppers until the actual malware is dropped,” the CPR report added.

In other words, the malware starts a Monero (XMR) crypto-mining operation whereby the malware “powermanager.exe” is stealthily dropped into the infected machines by connecting to its Command and Control server that enables cybercriminals to monetize users of  Google Translate’s desktop app.

Monero is the best-known cryptocurrency for cryptojackers and other illicit transactions. The cryptocurrency offers near anonymity for its holders.

It is easy to fall victim to crypto miner malware since they are dropped from software found on the top of Google search results for legitimized applications. If you suspect your PC is infected, details on how to recover your infected machine can be found at the end of the CPR report. 

The post Crypto mining malware impersonates Google translate desktop, other legitimate apps appeared first on CryptoSlate.

Similar to Notcoin - Blum - Airdrops In 2024

origin »

Emerald Crypto (EMD) на Currencies.ru

$ 0 (+0.00%)
Объем 24H $0
Изменеия 24h: 0.00 %, 7d: 4.67 %
Cегодня L: $0 - H: $0
Капитализация $0 Rank 99999
Цена в час новости $ 0.0095806 (-100%)

crypto mining malware behind infection nitrokod thousands

crypto mining → Результатов: 126


Фото:

Argentina Embraces Bitcoin as Payment Method, Fuelling a 200% Surge in Profitable Crypto Mining, Priming BlockDAG Coin’s 2024 Success

Argentina allows Bitcoin (BTC) to be accepted as a mode of payment for contractual agreements. This latest crypto news opened doors for profitable crypto mining; with Bitcoin mining giving out unbelievable gains once again, the crypto market sees a $530 billion increase in its market capitalization.

2024-1-23 22:00


Will Crypto Mining Survive Another Government Crackdown?…

Crypto mining has been an environmental  issue that cant be over looked; World governments have tried to put a lid on it but still have an uphill battle as the popularity of crypto grows. Will crypto be mining be able to last if the technology still impacts the earth on high levels ? Or will it mold with the time and adapt with the land before governments continue to attack Crypto currency.

2022-1-30 04:48