Thousands of devices across 11 countries have been impacted by the Nitrokod cryptomining malware, reports The Record, a news site by cybersecurity firm Recorded Future.
Nitrokod is being distributed by Turkish threat actors through free PC software download sites, one of which offers a fraudulent Google Translate desktop app, according to a Check Point report.
"The malicious tools can be used by anyone. They can be found by a simple web search, downloaded from a link, and installation is a simple double-click. We know that the tools are built by a Turkish-speaking developer. Currently, the threat we identified was unknowingly installing a cryptocurrency miner, which steals computer resources and leverages them for the attacker to monetize on," said Check Point Vice President of Research Maya Horowitz.
The report also showed that Nitrokod has remained under the radar for years by using a delayed release mechanism, in which the malware is deployed days or weeks after the initial program download.
"The infection chain continued after a long delay using a scheduled task mechanism, giving the attackers time to clear the evidence," said researchers.
Threat actors using Nitrokod could also modify the attack's final payload, they added.