Cybersecurity researchers have discovered a dangerous strain of crypto-mining malware, which has made its way onto Windows devices across the globe.
As detailed in a report (opens in new tab) from security firm Check Point, the malware is smuggled inside various legitimate-looking applications distributed via online marketplaces, including one disguised as an official Google Translate client.
Once downloaded, the apps delay the installation of malicious componentry for up to a month, in an attempt to evade antivirus and endpoint protection filters. Apparently, this technique has allowed the operation to go undetected for years.
Avoiding malware infection
Although cryptominers are not typically designed to steal data or encrypt files, like ransomware, an infection can create issues of a different kind for victims.
In addition to hindering device performance, because CPU resources are set aside for mining activity, an infection can also drive a material increase in energy consumption, which could prove particularly expensive in the current climate.
In this instance, the malware is concealed within multiple legitimate-looking applications listed on Softpedia, a repository of free software, under the author name Nitrokod Inc. TechRadar Pro has asked both Softpedia and Nitrokod for comment.
Due to the length of time the campaign has been active, some of the rigged programs have been downloaded by upwards of 100,000 people, the report states. And courtesy of multiple evasion techniques, including spacing out activity and establishing a firewall exclusion, the cryptominer is able to conduct its business without raising any alarms.
To guard against malware of this kind, web users are advised to download applications exclusively from reputable marketplaces, like Google Play or the Windows Store. Equally, although some strains are capable of side-stepping security services, installing a leading antivirus solution will increase the likelihood of catching an infection.
