Researchers from Checkpoint research have discovered a piece of cryptocurrency-mining malware disguised as legitimate-looking applications, such as Google Translate, available on free software download sites and through Google searches. This malware has been around for several years without being detected and has infected over 150,000 computers. This particular piece of malware operates as a Crypto miner, which secretly exploits the computing power of an infected device to mine for cryptocurrency; however, the operators could remotely turn it into Ransomeware, or worse, at the flick of a switch. Here is everything you need to know to stay safe:
How Does The Attack Work?
- You search for a popular service to download to your computer, such as Google Translate, Yandex Translate, Microsoft Translate, YouTube Music, etc.
- You click on a website from the google search results (like the one in the image above).
- You are taken to a third-party website claiming to have the software you want.
- You download and install what you think is legitimate software.
- Your computer is now infected with malware that allows the operator to turn your computer into a crypto miner or worse
How To Defend Yourself?
- First, Google Translate, Yandex Translate, Microsoft Translate, YouTube Music, MP3 Download Manager, and Pc Auto Shutdown do not have desktop versions of their software, so any website offering them as a download is fake.
- To protect yourself from this particular malware campaign, never download from a website named ‘Nitrokod.’ The main website that distributes the malware is Nitrokod[.]com. Avoid this website at all costs.
- Avoid these websites as well. They are 100% malware delivery websites: Intelserviceupdate[.]com, nvidiacenter[.]com
- Only download software from their official websites or reputable third-party websites. If you are not sure if you can trust a download provider, send me the link, and our team will tell you if you can trust them or not.
Please share this tip far and wide, and let me know if you need help.
Thanks and best regards,
Incognito Privacy Care Team