Hidden mining program infects about 100,000 computers

Security experts from Check Point Research have detected a malicious program specializing in hidden cryptocurrency mining — about 100,000 computers in 11 countries were infected.

As the researchers found out, the Nitrokod malware worked under the guise of popular free applications such as Google Translate, YouTube Music, and Microsoft Translator. The hackers installed hidden mining tools in clone apps and mined cryptocurrency without the knowledge of device owners.

According to Check Point Research, Nitrokod is owned by hackers from Turkey who specialize in creating clones of popular apps. Fraudulent developers copy the interface of any software and embed malicious links in it. Thus, when users search for the necessary program to download, they often end up on copycat applications without even knowing it.

By infecting other people’s devices, hackers manage to mine millions of dollars a month — in the second half of 2022, the profit from cryptojacking increased by 30% compared to the same period in 2021. Researchers found that in 6 months, attackers managed to mine $ 66.7 million worth of cryptocurrency. And in January, hackers set a record by mining $ 18.4 million in just one month.