To avoid detection, Windows malware delays coinminer installation by a month.

A new malware campaign disguised as Google Translate or MP3 downloader programmes was discovered in 11 countries, distributing cryptocurrency mining malware.

The fake applications are distributed through legitimate free software sites, giving the malicious applications widespread exposure.

The malware was created by a developer known as 'Nitrokod,' and at first glance the software appears to be malware-free and to provide the advertised functionality.

The software purposefully delays the installation of the malicious components for up to a month.

BleepingComputer contacted Nitrokod's administrator at the listed contact address, but we have yet to hear back.

Regardless of which programme is downloaded from the Nitrokod website, the user receives a password-protected RAR that avoids detection by antivirus software.

On the fifth day of the infection, the software activates a dropper from another encrypted RAR file obtained via Wget. The delay is meant to avoid raising suspicion and to thwart sandbox analysis.
