Malicious software designed to mine cryptocurrency has been spreading across hundreds of devices under the appearance of a Google Translate app.
The malicious software, referred to as “Nitokod,” was designed as a desktop program for Google Translate and was built by an organization located in Turkey, according to Check Point Research (CPR) on August 29.
In the lack of an official desktop client for Google’s Translate services, a large number of Google users have downloaded this program on their computers. When this program is installed on a smartphone, it immediately begins setting up a sophisticated cryptocurrency mining business on that device.
Following the downloading of this malicious application, the process of installing malware is initiated via the use of a scheduled task mechanism. In a later stage, this malicious software installs a complex mining rig for the Monero (XMR) cryptocurrency.
Infection chain. Source: Check Point
Related
Robinhood enables Cardano (ADA) trading for its 23 million usersCrypto community makes bullish Binance Coin (BNB) prediction for the end of September$1 billion pumped into Terra Classic’s market cap in a week as LUNC surges by 180%
The mining software is based on the Proof of Work (PoW) mining concept, which consumes a significant amount of electricity. As a result of this, it gives the controller of this campaign covert access to the computers that have been infected, allowing them to scam people and subsequently cause harm to the systems.
The CPR report claims: “After the malware is executed, it connects to its C&C server to get a configuration for the XMRig crypto miner and starts the mining activity. The software can be easily found through Google when users search ‘Google Translate Desktop download’. The applications are trojanised and contain a delayed mechanism to unleash a long multi-stage infection.”
According to reports, Nitrokod malware has affected machines in at least 11 countries since its distribution in 2019. CPR has also tweeted updates and warnings regarding the crypto mining effort.
As per Zscaler Threatlabz, the Joker virus, another malware, infected 50 apps on the Google Play Store earlier this year in a similar approach. They were quickly deleted from Google’s app store. According to the Zscaler ThreatLabz team, the Joker, Facestealer, and Coper malware families were discovered to be propagating via applications.
When the ThreatLabz team promptly informed the Google Android Security team of these newly identified hazards, the malicious applications were quickly removed from the Google Play Store.
However, even though many people in crypto are anxious about reports about possible scams, a recent study has shown that cryptocurrency scam revenue fell 65% and has been decreasing.
The Monetary Authority of Singapore (MAS) recently held its seventh annual meeting of the Cyber Security Advisory Panel (CSAP) with cybersecurity experts from around the world. Topics covered included the growing challenges in mobile banking security due to the increase in online scams and the expanding use of artificial intelligence (AI) in the financial industry.
JoyEtherHiding is a new technique employed by hackers to infiltrate websites powered by WordPress. Once in, they embed malicious code designed to pilfer partial payments from blockchain contracts.
KikyoLazarus Group's typical approach involves luring victims with enticing employment offers at reputable companies, tricking them into downloading malicious payloads disguised as documents.
DavinThis insidious malware specifically targets individuals who engage in blockchain games, preying on their interest in financial rewards to deceive and steal.
Coinlive XMRig, a crypto-jacking malware, was discovered in pirated software. The malware is very hard to detect.
BeincryptoOriginally proposed in 2020, MiCA will likely only be effected in 2024.
BeincryptoBlueNoroff has expanded its criminal activities to include posing as venture capitalists looking to invest in crypto startups.
decryptThe developer who found the vulnerability requested developers to sign their revisions with the GPG key to ensure all their revisions on the project can be verified.
CointelegraphThe malware targets Zcash and Ethereum wallets alongside Electrum, Atomic Wallet and Coinomi, it takes your browser extension and login data and reads your chat logs.
Cointelegraph