Jeff Burt reports:
Watch out: someone is spreading cryptocurrency-mining malware disguised as legitimate-looking applications, such as Google Translate, on free software download sites and through Google searches.
The cryptomining Trojan, known as Nitrokod, is typically disguised as a clean Windows app and works as the user expects for days or weeks before its hidden Monero-crafting code is executed.
It’s said that the Turkish-speaking group behind Nitrokod – which has been active since 2019 and was detected by Check Point Research threat hunters at the end of July – may already have infected thousands of systems in 11 countries. What’s interesting is that the apps provide a desktop version to services generally only found online.
Read more at The Register.