Thousands of devices across 11 countries have been impacted by the Nitrokod cryptomining malware, reports The Record, a news site by cybersecurity firm Recorded Future.
Nitrokod is being distributed by Turkish threat actors through free PC software download sites, one of which offers a fraudulent Google Translate desktop app, according to a Check Point report. "The malicious tools can be used by anyone. They can be found by a simple web search, downloaded from a link, and installation is a simple double-click. We know that the tools are built by a Turkish-speaking developer. Currently, the threat we identified was unknowingly installing a cryptocurrency miner, which steals computer resources and leverages them for the attacker to monetize on," said Check Point Vice President of Research Maya Horowitz.
The report also showed that Nitrokod has remained under the radar for years by delaying the malware's release: deployment occurs days or weeks after the initial program download.
"The infection chain continued after a long delay using a scheduled task mechanism, giving the attackers time to clear the evidence," said researchers.
Threat actors using Nitrokod could also modify the attack's final payload, they added.