Cryptominer Malware Posing as Desktop Version of Google Translate

A crypto-mining campaign operated from Turkey has been found infecting thousands of PCs by advertising desktop versions of well-known apps. The actor behind this campaign is known as “Nitrokod.”
Nitrokod is a Turkish-speaking software company that has been operating since 2019 and promotes its software as free and secure. Most of the programs Nitrokod offers are well-known apps that have no official desktop version. For instance, the desktop version of Google Translate is the most used Nitrokod application. Since Google has not released a desktop version, the attackers’ version is quite tempting.
Over 111,000 individuals in 11 countries have been infected by Nitrokod so far.
Malware operation
The campaign spreads its malware through free software hosted on download sites such as Uptodown and Softpedia. Each dropper in the executable’s four-stage attack chain pulls down the next one. By the seventh stage, this ultimately results in the download of the actual malware, the XMRig miner.
The campaign’s victims are spread across a number of countries, including the United Kingdom, Sri Lanka, the United States, Greece, Australia, Israel, Turkey, Cyprus, Mongolia, Poland, and Germany.
To evade detection, the creators of Nitrokod separate the malicious activity from the Nitrokod program that was initially downloaded: