New Windows Malware Uses Clever Technique To Avoid Detection

Cybersecurity researchers have discovered a dangerous strain of cryptomining malware, which has made its way onto Windows devices around the world.

As detailed in a report from security firm Check Point, the malware is smuggled into several legitimate-looking apps distributed through online marketplaces, including one disguised as an official Google Translate client.

Once downloaded, the applications delay the installation of malicious components for up to a month in an effort to evade antivirus and endpoint protection filters. Apparently, this technique allowed the operation to go unnoticed for years.

Avoid malware infection

Although cryptominers are generally not designed to steal data or encrypt files like ransomware, an infection can create other problems for victims.

In addition to hampering device performance, since CPU resources are consumed by the mining activity, an infection can also lead to a significant increase in power consumption, which could be particularly costly in the current climate.

In this case, the malware is hidden in several legitimate-looking applications listed on Softpedia, a free software repository, under the authorship of Nitrokod Inc. TechRadar Pro asked Softpedia and Nitrokod for comments.

Due to the duration of the campaign activity, more than 100,000 people downloaded some of the counterfeit software, according to the report. And through multiple evasion techniques, including spacing out its activities and setting a firewall exclusion, the crypto miner can carry out its activities without raising an alarm.
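The two evasion behaviours mentioned above (a long gap between installation and malicious activity, and a self-added firewall exclusion) are both visible to a defender in Windows event data. The following is an added example, not code from the article or from Check Point's report: a small Python triage script that scores constructed event records using two heuristics, a scheduled task whose first run is set far after its creation, and a firewall allow rule for a binary living in a user-writable location. The dict layout of the events, the seven-day threshold and the path markers are assumptions for this example; the event IDs themselves (4698, scheduled task created; 2004, rule added to the Windows Firewall exception list) are real.

```python
"""Triage heuristics for delayed-install miners (added example, not the report's code).

Input is a list of simplified event dicts; the layout below is an assumption for
this example, real deployments would parse EVTX/XML records into this shape.
Event IDs: 4698 = scheduled task created (Security log),
           2004 = rule added to the Windows Firewall exception list (Firewall log).
"""
from collections import defaultdict
from datetime import datetime

# Assumed threshold: a task whose first trigger is a week or more after it was
# created is unusual for ordinary installers, which run their components promptly.
DELAY_DAYS = 7

# Locations where a legitimately installed service binary would normally not live.
SUSPICIOUS_PATH_MARKERS = ("\\programdata\\", "\\appdata\\", "\\temp\\", "\\users\\public\\")

# Constructed sample events (timestamps are ISO 8601, local time).
SAMPLE_EVENTS = [
    {"time": "2022-01-03T10:15:00", "id": 4698, "task": "\\Updater\\Stage1",
     "image": "C:\\ProgramData\\Updater\\upd.exe", "first_run": "2022-02-05T10:15:00"},
    {"time": "2022-02-05T10:16:00", "id": 2004, "rule": "Updater",
     "image": "C:\\ProgramData\\Updater\\upd.exe", "action": "Allow"},
    {"time": "2022-01-03T09:00:00", "id": 4698, "task": "\\Backup\\Nightly",
     "image": "C:\\Program Files\\Backup\\backup.exe", "first_run": "2022-01-04T02:00:00"},
    {"time": "2022-01-10T12:00:00", "id": 2004, "rule": "Chrome",
     "image": "C:\\Program Files\\Google\\Chrome\\chrome.exe", "action": "Allow"},
]


def _parse(ts):
    return datetime.fromisoformat(ts)


def is_suspicious_path(image):
    """True if the executable sits in a user-writable directory."""
    low = image.lower()
    return any(marker in low for marker in SUSPICIOUS_PATH_MARKERS)


def analyze(events, delay_days=DELAY_DAYS):
    """Return findings keyed by image path, ordered by path.

    Each finding carries the reasons that fired; an image that trips both
    heuristics (delayed task *and* firewall exclusion) is rated high.
    """
    reasons_by_image = defaultdict(list)
    for ev in events:
        image = ev["image"]
        if ev["id"] == 4698:
            delay = _parse(ev["first_run"]) - _parse(ev["time"])
            if delay.days >= delay_days:
                reasons_by_image[image].append(
                    f"task {ev['task']} first runs {delay.days} days after creation")
        elif ev["id"] == 2004 and ev["action"].lower() == "allow":
            if is_suspicious_path(image):
                reasons_by_image[image].append(
                    f"firewall allow rule '{ev['rule']}' for binary in user-writable path")

    findings = []
    for image, reasons in reasons_by_image.items():
        severity = "high" if len(reasons) > 1 else "medium"
        findings.append({"image": image, "severity": severity, "reasons": reasons})
    return sorted(findings, key=lambda f: f["image"])


if __name__ == "__main__":
    for finding in analyze(SAMPLE_EVENTS):
        print(f"[{finding['severity']}] {finding['image']}")
        for reason in finding["reasons"]:
            print(f"    - {reason}")
```

On the constructed sample the backup task and the Chrome rule are left alone, while the ProgramData binary is flagged high because it both schedules itself a month out and punches its own hole in the firewall. Either heuristic alone produces false positives (deferred maintenance tasks, portable apps), so the correlation across the two event sources is what makes the result worth an analyst's time.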

To protect against such malware, Internet users are advised to download applications only from reputable marketplaces, such as Google Play or the Windows Store. Similarly, although some strains are able to evade security services, installing an advanced antivirus solution will reduce the likelihood of infection.