The crypto-mining malware known as “Nitrokod,” which infected computers in 11 different nations, was recently discovered by researchers at Check Point Research (CPR). The CPR cybersecurity experts have revealed that this malware has infected thousands of Windows PCs and laptops around the globe.
Although this malware strain has only recently come to light, it has been around for a while. To make sure that the victim doesn’t notice increases in the PC’s power consumption, the attackers wait for a month after the app is installed before starting to mine cryptocurrency. The malware was not detected earlier because it stayed hidden within many authentic-looking applications available on various platforms.
How Does This Malware Disguise Itself?
Researchers have found a few of the places where this malware was hidden. One of them poses as an “official Google Translate client,” according to the CPR researchers. When a user runs a Google search, for example from the Chrome browser, and types “Google Translate Desktop download” into the search field, the malware shows up at the top of the search results and tries to enter the system from there.
The study also reveals that the malware is concealed among a number of legitimate-looking apps that are posted on free software sources like Softpedia and are credited to Nitrokod Inc. On certain websites, the malicious software claims to be “100% clean,” while in reality it contains mining malware.
Underneath the illusion of being a trustworthy app, Nitrokod is a Trojan horse that silently mines Monero on your system. This implies that users who install the program can unintentionally join a Monero miner’s mining setup. Unintended mining consumes a lot of processing resources, which severely reduces the performance of a computer system.
How Does This Malware Attack?
After the malicious program has been downloaded, a scheduled task is used to start the malware setup process. The malware then installs a complex mining system for the Monero cryptocurrency, which is based on the proof-of-work mining model. This gives the campaign’s mastermind secret access to the infected systems, enabling him to trick people and later harm the devices.
Nitrokod generally targeted applications that were widely used, which is why the Google Translate app, which has had thousands of downloads since 2019, ended up on that list. Once the user installs any app that carries this malware, the malware ensures that there is no noticeable change in the performance of the system.
The malware does not start mining Monero immediately; rather, it waits for some time before it starts drawing on the computer’s performance. Overall, it starts mining Monero with the system’s power after a span of a month.
To stay better protected, the Nitrokod team has the option to mine using only a small portion of the computer’s power, which would barely affect speed. In this case, detecting the malware becomes more difficult for users, and it stays in the system longer.
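The two behaviours described above, a scheduled task that starts the setup and a long wait before mining begins, suggest a triage check over exported Task Scheduler definitions. The following Python is an added example, not code from Check Point Research or from this article; the 14-day threshold, the list of user-writable directories and the sample task XML are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
MIN_DELAY = timedelta(days=14)  # assumed threshold; tune for your environment
# Assumed list of directories a standard user or installer can write to
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")

def parse_ts(text):
    # Task XML timestamps are ISO 8601; fractional seconds and zone suffix are dropped
    return datetime.fromisoformat(text.strip()[:19])

def triage_task(xml_text):
    """Return the reasons (possibly none) a task definition deserves a closer look."""
    root = ET.fromstring(xml_text)
    reasons = []
    registered = root.findtext("t:RegistrationInfo/t:Date", namespaces=NS)
    starts = [parse_ts(e.text)
              for e in root.iterfind("t:Triggers/*/t:StartBoundary", NS) if e.text]
    if registered and starts:
        # Earliest moment the task can fire, measured from when it was registered
        delay = min(starts) - parse_ts(registered)
        if delay >= MIN_DELAY:
            reasons.append(f"first trigger {delay.days} days after registration")
    for cmd in root.iterfind("t:Actions/t:Exec/t:Command", NS):
        if any(d in (cmd.text or "").lower() for d in USER_WRITABLE):
            reasons.append(f"runs from user-writable path: {cmd.text}")
    return reasons

# Constructed samples in Task Scheduler XML form (not taken from the campaign)
DELAYED = """<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><Date>2022-07-01T09:00:00</Date></RegistrationInfo>
  <Triggers><TimeTrigger><StartBoundary>2022-07-31T09:00:00</StartBoundary></TimeTrigger></Triggers>
  <Actions><Exec><Command>C:\\ProgramData\\ExampleApp\\update.exe</Command></Exec></Actions>
</Task>"""
ROUTINE = """<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><Date>2022-07-01T09:00:00</Date></RegistrationInfo>
  <Triggers><CalendarTrigger><StartBoundary>2022-07-01T12:00:00</StartBoundary></CalendarTrigger></Triggers>
  <Actions><Exec><Command>C:\\Program Files\\ExampleApp\\update.exe</Command></Exec></Actions>
</Task>"""

if __name__ == "__main__":
    for name, xml_text in (("DELAYED", DELAYED), ("ROUTINE", ROUTINE)):
        print(name, triage_task(xml_text) or "nothing flagged")
```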
Implications for Monero
Monero provides complete anonymity to its holders. There are benefits for the Monero community, even though such malware may bother those who accidentally installed programs like the ones indicated above or whose systems were attacked by this malware in another way.
Due to the popularity of this malware, considerably more individuals are mining Monero than would normally be the case, whether deliberately or unknowingly, and the Monero hash rate can increase in a manner that would not be imaginable if Monero did not have such excellent privacy. It will be interesting to see how regulators react to this malware attack and ensure the protection of users.