
Check Point said the crypto-mining campaign has been active since 2019, infecting an estimated 111,000 victims in 11 countries.

A malicious campaign mimicking Google Translate and other free software is infecting computers with crypto-mining malware, according to a new report.

Researchers at Check Point said the campaign drops the malware from unofficial desktop versions of popular apps. This Turkish-based campaign, called Nitrokod, has been active since 2019 and has claimed victims in 11 countries.

The report said that Nitrokod’s software is typically downloaded on platforms like Softpedia and Uptodown. When a user launches the new software, an application such as Google Translate is installed. However, an updated file is also dropped, which starts a series of four droppers until the actual malware is dropped. After the malware is executed, it connects to the command and control server to start the mining activity.

“Currently, the threat we identified was unknowingly installing a cryptocurrency miner, which steals computer resources and leverages them for the attacker to monetise on,” Check Point VP of research Maya Horowitz said.

Most of the developed Nitrokod programs are easily built from official web pages using a Chromium-based framework. Check Point said this gives the attackers the ability to spread functional programs easily without having to develop them.

Researchers added that the most popular Nitrokod programme is the Google Translate desktop application. As Google has not released an official desktop version of its translation service, this could make the attackers’ version very appealing.
