In a report published on Sunday, Check Point Research (CPR), an Israel-based cyber threat intelligence firm, identified a crypto-mining malware campaign dubbed Nitrokod as responsible for infecting thousands of machines across 11 countries.
Crypto miner malware, also known as cryptojackers, is a type of malware that mines cryptocurrency using the computing power of infected PCs.
Nitrokod has been using websites to launch crypto miner malware and infect computers by impersonating Google Translate Desktop and other free software.
When unwary users search for “Google Translate Desktop download,” a malicious link to malware-infected software appears at the top of Google Search results.
Since 2019, the malware has been operating with a multi-stage infection process, which begins by delaying the infection until a few weeks after users download from the malicious link.
The campaign also removes traces of the original installation, keeping the malware free from detection by anti-virus programs.
“Once the user launches the new software, an actual Google Translate application is installed,” the CPR report read.
This is where victims encounter realistic-looking programs with a Chromium-based framework that directs the user from the Google Translate webpage and tricks them into downloading the fake application.
The malware then schedules tasks to clear logs and remove related files and evidence, and the infection chain will continue after 15 days. This multi-stage approach helps the malware avoid detection in a sandbox set up by security researchers.
“In addition, an updated file is dropped, which initiates a series of four droppers until the actual malware is dropped,” according to the CPR report.
In other words, the malware initiates a Monero (XMR) crypto-mining operation in which the malware “powermanager.exe” is dropped stealthily into infected machines by connecting to its Command-and-Control server, allowing cybercriminals to monetize users of Google Translator’s desktop app.
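A defender-side check for the behaviour described above, in which scheduled tasks defer the next stage for 15 days and clear logs. This is an added example, not code from CPR or the original article; it reads Windows Task Scheduler XML exports, and the 14-day threshold, the event-log command patterns and the sample tasks are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
# Assumed heuristics for this example, not indicators taken from the CPR report.
MIN_DELAY = timedelta(days=14)
LOG_CLEAR = re.compile(r"wevtutil(\.exe)?\s+(cl|clear-log)\b|Clear-EventLog", re.I)

def _ts(text):
    # Keep only YYYY-MM-DDTHH:MM:SS; fractional seconds and UTC offsets are dropped.
    return datetime.fromisoformat(text.strip()[:19])

def review_task(xml_text):
    """Return the reasons an exported scheduled task deserves a closer look."""
    root = ET.fromstring(xml_text)
    reasons = []
    registered = root.findtext("t:RegistrationInfo/t:Date", namespaces=NS)
    for start in root.iterfind("t:Triggers/*/t:StartBoundary", NS):
        if registered and start.text:
            delay = _ts(start.text) - _ts(registered)
            if delay >= MIN_DELAY:
                reasons.append(f"first run delayed {delay.days} days after registration")
    for action in root.iterfind("t:Actions/t:Exec", NS):
        parts = (action.findtext("t:Command", "", NS), action.findtext("t:Arguments", "", NS))
        cmdline = " ".join(p for p in parts if p)
        if LOG_CLEAR.search(cmdline):
            reasons.append(f"action clears event logs: {cmdline}")
    return reasons

def sample_task(registered, start, command, arguments):
    """Build a minimal, constructed Task Scheduler XML export for the demo."""
    return f"""<Task xmlns="{NS['t']}">
  <RegistrationInfo><Date>{registered}</Date></RegistrationInfo>
  <Triggers><TimeTrigger><StartBoundary>{start}</StartBoundary></TimeTrigger></Triggers>
  <Actions><Exec><Command>{command}</Command><Arguments>{arguments}</Arguments></Exec></Actions>
</Task>"""

# Constructed samples: one task deferred 15 days that clears a log, one routine task.
DELAYED = sample_task("2022-08-01T10:00:00", "2022-08-16T10:00:00", "cmd.exe", "/c wevtutil cl Application")
ROUTINE = sample_task("2022-08-01T10:00:00", "2022-08-01T12:00:00", "updater.exe", "/check")

if __name__ == "__main__":
    for name, xml_text in (("delayed", DELAYED), ("routine", ROUTINE)):
        print(name, review_task(xml_text))
```

Long-deferred tasks also exist for legitimate reasons, so the output is a triage list to review alongside the task's author and binary path, not a verdict.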