Information security specialists from Check Point Research (CPR) have discovered Nitrokod, malware that gets onto computers under the guise of legitimate programs such as Yandex.Translate and Google Translate and mines cryptocurrency on infected devices.
According to the researchers, Turkish hackers who have been operating since 2019 are behind the development of the virus. Over several years of operation, their miner has infected 111 thousand devices in 11 different countries.
Nitrokod is distributed through freeware repositories for Windows such as Softpedia and Uptodown. The virus is uploaded to them mainly under the guise of translators from Google, Yandex and Microsoft. In addition, CPR found samples of Nitrokod in programs masquerading as YouTube Music, MP3 Download Manager and PC Auto Shutdown.
One of the biggest problems in detecting Nitrokod is that its malicious features do not activate immediately, but only weeks after installation. Until then, the host programs perform only legitimate functions.