
By Salman Ahmad



'Monero Mining Malware' Tops Google Search Results

(CTN News) – The first Monero Mining Malware campaign has been detected inside fake Google apps placed prominently in search results.

Users searching for applications have been infected by an insidious malware campaign that mines the privacy-focused cryptocurrency monero (XMR).

Nitrokod probably isn’t familiar to you. A cyber intelligence firm based in Israel discovered the malware last month.

The firm said Nitrokod, which has found remarkable success at the top of Google search results for “Translate desktop download,” initially disguises itself as free software.

Since 2017, when crypto’s popularity rose, mining malware has been used to infiltrate unsuspecting users’ machines.

In November 2012, CPR detected the well-known cryptojacking malware CoinHive, which also mined XMR.

An end-user’s CPU resources were stolen by CoinHive without their knowledge.

During its peak, the malware generated $250,000 a month, most of it going to a handful of people.

According to CPR, Nitrokod was deployed by a Turkish-speaking entity in 2019. Through seven stages, it avoids detection by antivirus programs and system defenses.

Malware is easily dropped in top Google search results. Fake apps come from two main sources. To learn how filters these threats, we’ve reached out to them.

After the application is downloaded, an installer executes a delayed dropper and continuously updates itself on every restart. On the fifth day, the delayed dropper extracts an encrypted file.

Nitrokod then schedules tasks, clears logs, and adds exceptions to antivirus firewalls once 15 days have passed.

Powermanager.exe is then surreptitiously dropped onto the infected machine and starts mining Monero using XMRig (the same one used by CoinHive).

According to the report, the attackers delayed the infection process for weeks after the initial software installation.
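Because the miner arrives weeks after the install, the behaviours described above (scheduled tasks, cleared logs, antivirus exceptions, a process named powermanager.exe) are best hunted for as a cluster on one host. The following is an added example, not code from CPR's report: it assumes Microsoft Defender as the antivirus, Windows event records already normalised into dictionaries, and constructed sample events with hypothetical host names and paths.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Windows event IDs: 4698 scheduled task created, 1102/104 event log cleared,
# 5007 Defender configuration changed, 4688 process created.
def classify(ev):
    """Map one event to a behaviour named in the article, or None."""
    eid, detail = ev["event_id"], ev.get("detail", "").lower()
    if eid == 4698:
        return "scheduled_task"
    if eid in (1102, 104):
        return "log_cleared"
    if eid == 5007 and "exclusions" in detail:
        return "av_exclusion"
    if eid == 4688 and detail.replace("/", "\\").split("\\")[-1] == "powermanager.exe":
        return "miner_process"
    return None

def flag_hosts(events, window=timedelta(hours=24), min_behaviours=3):
    """Return {host: sorted behaviours} for hosts that show at least
    min_behaviours distinct behaviours inside one time window."""
    per_host = defaultdict(list)
    for ev in events:
        kind = classify(ev)
        if kind:
            per_host[ev["host"]].append((datetime.fromisoformat(ev["time"]), kind))
    flagged = {}
    for host, hits in per_host.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            kinds = {k for t, k in hits[i:] if t - start <= window}
            if len(kinds) >= min_behaviours:
                flagged[host] = sorted(kinds)
                break
    return flagged

# Constructed sample events (hypothetical hosts, task names and paths).
SAMPLE = [
    {"host": "ws-01", "time": "2022-08-15T09:00:00", "event_id": 4698, "detail": "\\Hypothetical\\UpdateTask"},
    {"host": "ws-01", "time": "2022-08-15T09:01:00", "event_id": 1102, "detail": ""},
    {"host": "ws-01", "time": "2022-08-15T09:02:00", "event_id": 5007, "detail": "HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\Exclusions\\Paths"},
    {"host": "ws-01", "time": "2022-08-15T09:30:00", "event_id": 4688, "detail": "C:\\ProgramData\\hypothetical\\powermanager.exe"},
    {"host": "ws-02", "time": "2022-08-15T10:00:00", "event_id": 4698, "detail": "\\Vendor\\Updater"},
    {"host": "ws-02", "time": "2022-08-20T10:00:00", "event_id": 1102, "detail": ""},
]
```

A file name is trivially changed, so the process match counts as only one signal among the four; the default threshold of three still flags a host where the miner runs under another name.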

At the end of CPR’s threat report, you can find instructions for cleaning machines infected with Nitrokod.

How do I open my Google search?

  1. Go to your Google Account.
  2. On the left navigation panel, click Data & privacy.
  3. Under “History settings,” click My Activity.
  4. To view your activity: Browse your activity, organized by day and time. At the top, use the search bar and filters to find specific activity.
