Crypto-mining malware has deviously infected hundreds of thousands of computers around the world. New research shows that the malware often arrives disguised as a legitimate program, such as a Google Translate application.
On the radar for years
The August 29 research report from Check Point Research (CPR), a cyber-security firm, says that malware often stays under the radar for years.
This is partly due to the ingenious design of the applications, which on the surface seem to function just fine. However, if you dive into the code of the ‘Google Translate application’ in question, for example, you quickly discover that there is much more going on behind the scenes.
The design of the applications is so good that the mining software is not activated until several weeks after the initial installation of the app.
This makes it even more difficult to discover that the slowing down of your computer is related to the malware, because after all, it had been running for a few weeks without any problems.
Once the installation of the mining software starts, the program works through all of its steps over a few days. In the end, a well-hidden Monero miner runs on your computer.
Computers infected in 11 countries
The malware, which goes by the name “Nitrokod”, is active in 11 different countries, according to the cyber-security company.
Some of the programs have been downloaded several hundred thousand times. For example, the Google Translate Desktop application on Softpedia has almost a thousand reviews with an average score of 9.3/10.
What is striking is that Google itself does not even have an official desktop application for Google Translate.
According to Check Point Research, offering desktop versions of applications is a key part of the scam.
In fact, most of the programs Nitrokod offers do not have desktop versions. This leads unknowing users to think they have found a great program that is not available anywhere else.
“The most interesting thing about this issue to me is that these applications are so popular, but at the same time have stayed under the radar for so long.”
Maya Horowitz, Check Point Research
112,000 computers prey to malware
So far, more than 112,000 computers have fallen prey to the Nitrokod malware. The victims include people from Israel, Germany, the United Kingdom, America, Sri Lanka, Cyprus, Australia, Greece, Turkey, Mongolia and Poland.
However, it is more than likely that there are also Dutch people who have the software on their computers.
Check Point Research has discovered the software, but there is little chance that this means the entire “damage picture” has been mapped out.
To avoid becoming a victim of this type of scam, Maya Horowitz has some simple tips.
“Be keen on websites that look like an official website, always check the domain name and never open emails from senders you don’t recognize. Only download software from authorized parties, known vendors and make sure your anti-virus software is always up to date.”
Maya Horowitz
Check Point Research was able to expose one group of scammers with this research, but there is a chance that many other programs are living under the radar.
This case makes it clear once again that the Internet is not necessarily a safe place and that it is important to invest time in proper security.