
Crypto miner malware disguised as Google Translate desktop and other legitimate applications

Active since 2019, Nitrokod is a Turkish-speaking software developer that claims to offer free and safe software. Most of the programs Nitrokod offers are popular applications that do not have an official desktop version. The applications are in fact Trojanized and contain a delayed mechanism that unleashes a long multi-stage infection ending with crypto-mining malware.




GROUP: MISP FEED


MALWARE FAMILY: Nitrokod


ATT&CK IDS: T1053 - Scheduled Task/Job, T1547 - Boot or Logon Autostart Execution, T1036 - Masquerading, T1049 - System Network Connections Discovery, T1070 - Indicator Removal on Host, T1560 - Archive Collected Data, T1002 - Data Compressed

