Writer: Stormsec

Crypto Miner malware disguised as Google Translate desktop and other legitimate applications

Active since 2019, Nitrokod is a Turkish-speaking software developer that claims to offer free and safe software. Most of the programs Nitrokod offers are popular software that does not have an official desktop version. The applications are in fact Trojanized and contain a delayed mechanism that unleashes a long multi-stage infection ending in crypto mining malware.




GROUP: MISP FEED


MALWARE FAMILY: Nitrokod


ATT&CK IDS: T1053 - Scheduled Task/Job, T1547 - Boot or Logon Autostart Execution, T1036 - Masquerading, T1049 - System Network Connections Discovery, T1070 - Indicator Removal on Host, T1560 - Archive Collected Data, T1002 - Data Compressed

