Crypto: Nitrokod, this malware disguised as Google Translate

« @_CPResearch_ has detected a #crypto miner #malware campaign, which has potentially infected thousands of machines around the world. Dubbed “Nitrokod”, the attack was initially discovered by Check Point XDR. »

To date, this software developed by Nitrokod INC has been able to infect nearly 112,000 computers. Here, “infect” is little to say, since its installation allowed the mining of cryptocurrencies, in particular Monero (XMR).

The users did not suspect anything since they had downloaded “free and safe software” in appearance. They can be downloaded from popular sites like Uptodown, Softpedia, etc., and have many positive reviews. Several people have been misled by this fake desktop version of Google Translate since it has an average rating of 9.3/10 on Softpedia.

This demonstrates how the Nitrokod team is very cunning. Moreover, offering a desktop version of a widely used application such as Google Translate or Youtube Music Desktop is a very fruitful practice for these hackers.

The modus operandi of Nitrokod

According to CPR, Nitrokod is the author of a crypto mining campaign that has infected thousands of machines spread across 11 countries. Active since 2019, this software developer acts like this :

• edit popular software free of official desktop version ;
• offer easy-to-develop programs from official web pages using Chromium ;
• separate malicious activity from the Nitrokod program in order to rule out any mistrust ;
• make the user install the Google Translate application without having to ask any questions ;
• propose the installation of an update file to gently integrate the real malware ;
• connect the malware to the C &C server in order to obtain a configuration for the XMRig crypto miner ;
• then launch the actual crypto mining.

It should be noted that the detection of this malware has been very difficult for Check Point Software Technologies. Maya Horowitz, vice president of the research department of this company, admitted this :

« What is most interesting in my opinion is the fact that this malware is so popular, while being under the radar for so long. »

The imitation of the real software seems perfect, to the point of fooling people residing in Israel, Cyprus, or even Australia.

If you want to avoid this kind of application, here is Mr. Horowitz’s advice :

« Beware of similar domains, spelling mistakes in websites and unknown email senders. Only download software from authorized and well-known publishers or sellers, and make sure you have a high level of security for complete protection. »

Conclusion

With the arrival of cryptocurrencies, several forms of cybercrime have emerged on both sides of the planet. This fake Google Translate application falls into the “cryptojacking” category ofAVG. So, once installed in your computer, it will make sure to pump all the resources of your system, and corollary, to increase your electricity bill. Note that cryptojacking is limited to the mining of cryptocurrencies that will make the attacker money. Your data will therefore remain safe, unless the hackers decide to change the process.

Receive a digest of the news in the world of cryptocurrencies by subscribing to our new service of newsletter daily and weekly so you don’t miss anything essential Cointribune!

Mikaia ANDRIAMAHAZOARIMANANA

The blockchain and crypto revolution is underway! And the day when the impacts will be felt on the most vulnerable economy in this world, against all hope, I will say that I had something to do with it