Blog

Sep 6, 2022

Nitrokod stealth malware hides on a pc for a month before it goes to work infects over 111,000 users

Posted by in categories: cryptocurrencies, cybercrime/malcode

A Turkish entity going by the name of Nitrokod has been accused of running a campaign by spoofing a desktop version of Google Translate to actively mine cryptocurrency from its more than 111,000 users across eleven countries (UK, US, Sri Lanka, Greece, etc., Israel, Germany, Turkey, Cyprus, Australia, Mongolia, and Poland) in 2019.

In addition to Google Translate, there are five other fake desktop applications on the Nitrokod website. Most of them impersonate programs that are not officially available as desktop applications, but as web or mobile applications, which makes the desktop version created by the attackers particularly attractive. In any case, they are popular applications that can be found on websites such as Softpedia and UpToDown.

Six fake applications available on the Nitrokod website. When installing any of these programs, the malicious effects do not manifest until after a sequence of dropper for almost a month after installation, in order to hide such effects from the antiviruses.

Comments are closed.