Saturday, July 13, 2024
EHA

New Malware Campaign Disguised as Google Translate Distribute Cryptocurrency Miner

Cryptocurrency mining malware has been found recently in an ongoing campaign in 11 countries disguised as Google Translate and MP3 downloaders.

In order to distribute fake applications, legitimate sites which offer free software are distributing them to their users. In addition to this, it also exposes users of search engines to malicious applications through regular visits to these sites.

Detection of this malware has been carried out by Check Point security analysts. Nitrokod is the developer of the malware, which is presented to the user as being free of malware and providing the functionality that is advertised.

Infection Chain

Most Nitrokod campaigns follow similar infection chains, starting with an infected file downloaded from the Internet, followed by the installation of a file that has been infected.

The Google Translate application is actually installed once the user launches the new software and the installation process is complete. 

A newer version of the file will then be dropped and this will start a series of four droppers that will eventually bring the actual malware to the computer.

Initially, when the malware is executed, it will connect to its command and control (C&C) server, which will configure the XMRig crypto miner to start mining as soon as the malware is activated.

In terms of search results, Nitrokod ranks highly in Google, so the website serves as a perfect catch for users who are looking for a certain service.

Here’s what the experts at Check Point stated:-

“To evade detection, during the installation of the malicious components of the malware, the software purposely delays the process for up to a month in order.”

There were over 112,190 downloads of Nitrokod’s Applet for Google Translate on Softpedia after the applet was posted there.

There is a dropper that is activated by the software so as to prevent raising suspicions and thwart sandbox analysis. During the fifth day of the infection, another encrypted RAR file was forwarded by Wget containing a dropper that was loaded from that file.

After a period of 15 days, the software will end up fetching the next encrypted RAR from the following web portal, using PowerShell commands:-

  • intelserviceupdate[.]com

Recommendation

The risk of crypto-mining malware can be quite high, since it can cause hardware stress and overheat, as a result of which it can damage the hardware. 

It also affects your computer’s performance by using additional CPU resources, which in turn results in a slower computer.

While to mitigate such a situation or threat you should follow the recommendations that we have mentioned below:-

  • Always avoid downloading apps from unknown sources.
  • Do not download any apps that promise unofficial functionalities.
  • Always verify the developer profile before downloading an app.
  • Avoid clicking spammy links to download any app.

Secure Azure AD Conditional Access – Download Free E-Book

Website

Latest articles

mSpy Data Breach: Millions of Customers’ Data Exposed

mSpy, a widely used phone spyware application, has suffered a significant data breach, exposing...

Advance Auto Parts Cyber Attack: Over 2 Million Users Data Exposed

RALEIGH, NC—Advance Stores Company, Incorporated, a prominent commercial entity in the automotive industry, has...

Hackers Using ClickFix Social Engineering Tactics to Deploy Malware

Cybersecurity researchers at McAfee Labs have uncovered a sophisticated new method of malware delivery,...

Coyote Banking Trojan Attacking Windows Users To Steal Login Details

Hackers use Banking Trojans to steal sensitive financial information. These Trojans can also intercept...

Hackers Created 700+ Fake Domains to Sell Olympic Games Tickets

As the world eagerly anticipates the Olympic Games Paris 2024, a cybersecurity threat has...

Japanese Space Agency Spotted zero-day via Microsoft 365 Services

The Japan Aerospace Exploration Agency (JAXA) has revealed details of a cybersecurity incident that...

Top 10 Active Directory Management Tools – 2024

Active Directory Management Tools are essential for IT administrators to manage and secure Active...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Free Webinar

Low Rate DDoS Attack

9 of 10 sites on the AppTrana network have faced a DDoS attack in the last 30 days.
Some DDoS attacks could readily be blocked by rate-limiting, IP reputation checks and other basic mitigation methods.
More than 50% of the DDoS attacks are employing botnets to send slow DDoS attacks where millions of IPs are being employed to send one or two requests per minute..
Key takeaways include:

  • The mechanics of a low-DDoS attack
  • Fundamentals of behavioural AI and rate-limiting
  • Surgical mitigation actions to minimize false positives
  • Role of managed services in DDoS monitoring

Related Articles