Crypto Mining Malware Invades 112,000 PCs As Legitimate Software

Thousands of global computers have been invaded by crypto mining malware. This particular malware has been running since 2019 and is using these computers for mining the privacy coin Monero (XMR).

Crypto mining malware

Last Monday, a report was published by Check Point Research, which shed light on the activities of a cryptocurrency mining malware, which has not been detected for years.

The functional design of the malware allowed it to escape detection because it is not installed immediately with the initial software. Instead, it is installed weeks after the download of the initial software.

This particular malware is associated with a software developer who speaks Turkish and claims to offer people free and secure software.

The malware utilizes fake desktop versions of prominent apps, such as Google Translate, Microsoft Translate and YouTube Music for invading the PCs.

The malware program is installed in the PCs after a scheduled task mechanism. It takes several days for the installation process to complete after which it begins its secret Monero mining operation.

According to the research, computers in about 11 countries had been affected due to the crypto mining malware.

The research further disclosed that fake versions of top downloading sites had also been created by the malware, such as Softpedia and Uptodown.

There were hundreds of thousands of downloads of the malware program. Softpedia has about one thousand views of the fake desktop version of Google Translate and it also has a 9.3 out of 10 rating.

The design

Detecting the said malware is not that easy. Even after the fake software has been launched by the PC user, they would still not be able to find anything wrong.

This is because the fake app would continue to function in the same way as the legitimate app and also offer the same features and functions.

The official web pages can be used for creating most of the programs that the hacker runs with the use of a Chromium-based framework.

In this way, they can cut down their effort because they do not have to build the program from scratch. Instead, all they have to do is add the malware to functional programs.

The impact

As mentioned earlier, the malware program has invaded PCs in across 11 countries and almost one hundred thousand people have become its victims.

The countries where the malware program has been active include the United Kingdom, the United States, Germany, Greece, Cyprus, Mongolia, Turkey, Sri Lanka and Australia.

Security tips have been provided to PC users in order to help them in getting scammed by the malware and other similar programs.

Some of these tips include looking for errors in website spellings, fake domain names, and emails received from unknown sources.

Moreover, it has also been recommended that PC users should only download programs from authorized vendors and locations, or well-known publishers.

Apart from that, the users also need to ensure that their endpoint security remains updated and there should also be comprehensive oversight.