Malware is finding new and original ways to disguise itself.
Check Point Research (CPR), a leading cyber threat intelligence firm, has detected a crypto-mining malware campaign whose malware reportedly disguises itself as popular software.
According to the report shared by the CPR team, the malware has been infecting computers since 2019, presenting itself as Google Translate, Microsoft Translator, or YouTube Music.
The researchers noted that the malware was extremely difficult to detect because of how it operates. After the initial download, the infection was delayed for days or even weeks. The program ran the malware installation as a multi-stage process and deleted all traces of that process afterwards.
The crypto miner malware was used to mine Monero (XMR). The malicious actors did not choose Monero by chance: the cryptocurrency is characterized by complete anonymity, so only the recipient knows about the mining of this cryptocurrency. On top of that, compared to other cryptocurrencies, XMR operations are relatively difficult to detect.
The Check Point Research team revealed that the malware was launched and managed by the Turkish-based Nitrokod. According to the report, the crypto-mining malware has affected machines in 11 countries, including the United States, the United Kingdom, Germany, Australia, Poland, Sri Lanka, Turkey, and Greece.
The software carrying the crypto-mining malware appeared on popular software download sites such as Uptodown and Softpedia, where the author is identified as Nitrokod INC.
Even though no desktop version of Google Translate exists, the report revealed that more than 100,000 users may have downloaded the program from Softpedia.
Vice president of research at Check Point Software, Maya Horowitz, when commenting on the malware problem, noted:
Beware of lookalike domains, spelling errors in websites, and unfamiliar email senders. Only download software from authorized, known publishers or vendors, and ensure your endpoint security is up to date and provides comprehensive protection.
In other news, at the beginning of August, GitHub was hit by malware, resulting in thousands of cloned repositories, including crypto, JavaScript, Python, and other projects.