112,000 computer users have been unknowingly mining cryptocurrency for a long time. Behind the hack is malware masquerading as Google Translate and signed by Nitrokod. Fortunately, Check Point Software found the malware and exposed it.
Over 100,000 deceived users
Malware presented as Google Translate by an organization called Nitrokod went unnoticed for a long time. It only came to light when the cybersecurity company Check Point Software Technologies publicly announced it last Monday.
“@_CPResearch_ has discovered a #cryptominer #malware campaign that has potentially infected thousands of computers around the world. The attack, dubbed Nitrokod, was originally discovered by Check Point XDR.”
The software developed by Nitrokod INC has infected over 112,000 computers so far. In addition to infecting computers, the software has been used to mine the Monero cryptocurrency.
People don’t suspect anything when they download supposedly safe and free programs from sites like Uptodown and Softpedia. Many people have been scammed by this fake version of Google Translate found on Softpedia. This version of Google Translate has an average rating of 9.3 out of 10 on Softpedia.
By releasing desktop versions of popular applications such as Google Translate and YouTube Music Desktop, the Nitrokod team demonstrates an incredible ability to manipulate people.
Check Point Research (CPR), Check Point's threat intelligence team, claims that Nitrokod wrote the code for this cryptocurrency mining campaign. The campaign, which infected thousands of computers in 11 countries including the UK, Germany, the USA, Israel, Poland and Australia, began in 2019. As a software developer, Nitrokod operates in the following ways:
- Modify the free official desktop version of popular software;
- Build programs that are easy to develop, based on the official Chromium web page;
- Separate malicious activity from the Nitrokod programs to avoid suspicion;
- Make sure users can install the Google Translate app without asking questions;
- Install update files for smooth integration of the real malware;
- Connect the malware to the C&C server to get the configuration of the XMRig cryptominer;
- Then the cryptocurrency mining begins.
Malware that is difficult to detect
Maya Horowitz, head of research at Check Point Software Technologies, said the malware was very difficult to detect.
“Beware of similar domains, website typos, and unknown email senders. Only download software from reputable authorized publishers or vendors and make sure you have a high level of security in place for complete protection.”
Despite its incredible popularity, this malware went largely unnoticed for a long time. The fake software has fooled many users into thinking they are using the official version.
Cryptocurrencies have given rise to many forms of cybercrime around the world. An example is this fake app, which masquerades as the Google Translate app for Google Play. When installed on a computer, it uses system resources and electricity to mine cryptocurrency. Consequently, this increases the users' electricity bills.
This scam is classified by AVG as a form of cryptojacking. Since cryptojacking only mines cryptocurrencies to make money, this software does not affect personal data. However, hackers may change their methods in the future and affect data.