A recent study conducted by Check Point Research (CPR) has revealed a concerning cryptocurrency mining campaign that has been targeting unsuspecting PC users since 2019. The campaign, orchestrated by a group known as Nitrokod, has infected an estimated 111,000 victims across 11 different countries.
The attackers behind this campaign have gone to great lengths to avoid detection, including delaying the infection process for weeks. They have been distributing malware disguised as free software, which can be found on popular websites like Softpedia and Uptodown. Additionally, users searching for terms such as ‘Google Translate Desktop download’ on Google may inadvertently come across this malicious software.
Once the user downloads and launches the fake Google Translate Desktop application, a series of droppers is installed on the system, ultimately leading to the deployment of the malware. This malware then connects to a command and control server to retrieve a configuration for the XMRig cryptominer, which then begins mining cryptocurrency using the victim’s computer resources.
Maya Horowitz, VP of research at Check Point Software, highlighted the danger of this campaign, stating that the attackers could easily switch the payload from a cryptominer to ransomware or a banking Trojan. This ability to alter the final payload makes this campaign particularly concerning.
Despite the widespread use of this malicious software, it managed to remain undetected for an extended period. Check Point has taken steps to block this threat for its customers and is now sharing this information to help protect others from falling victim to this campaign.
For more detailed information on the technical aspects of this campaign, you can refer to the full report published by CPR. This report follows closely on the heels of CPR’s release of a list of the most commonly used malware in July.
In conclusion, it is essential for users to exercise caution when downloading software from the internet and to ensure that they have robust security measures in place to protect against such threats. Stay informed and stay safe online.