A terrifying malware campaign has reportedly been launched, targeting users via fake apps that mimic popular Google apps. The malware has infected thousands of computers worldwide, as reported by Check Point Research (CPR), the research team of US-Israeli cybersecurity provider Check Point Software Technologies. The research team detected Monero-mining malware named “Nitrokod”, which has infected computers in 11 countries since 2019. The team reported that the malware is delivered via fake desktop versions of popular apps such as YouTube Music, Google Translate, and Microsoft Translate. These fake apps can be downloaded from several free software download websites, like Softpedia and Uptodown.
The research team carried out its study on the fake Google Translate desktop application. The research team is quoted as saying, “Most of the programs Nitrokod offers are popular software that do not have an official desktop version. For example, the most popular Nitrokod program is the Google Translate desktop application. Google has not released an official desktop version, making the attackers’ version very appealing.”
The study further notes that the malware campaign has not been detected because of the way it operates. Instead of launching an attack right after the initial download of the software, the malware uses a scheduled task mechanism to carry out its installation over several days and to remove traces of that installation.
Surprisingly, the hackers create the fake apps from the original source’s official web pages using a Chromium-based framework, which allows them to deliver functional programs.
According to Check Point, almost one hundred thousand victims in Australia, Cyprus, Greece, Germany, Israel, Mongolia, Sri Lanka, Poland, Turkey, the United Kingdom and the United States have been infected, with the malware mining Monero (XMR) using their CPU (Central Processing Unit).