Monero Mining Malware Finds Success at Top of Google Search

  • Nitrokod is currently featured at the top of Google search results for popular apps, including Translate
  • The malware mines monero using the victims' computer resources, echoing the once-prolific CoinHive

An insidious malware campaign targeting users searching for Google applications has infected thousands of computers worldwide to mine the privacy-focused crypto monero (XMR).

You've probably never heard of Nitrokod. Israeli-based cyber intelligence firm Check Point Research (CPR) came across it last month.

In a report on Sunday, the firm said Nitrokod initially disguises itself as free software and has found remarkable success at the top of Google search results for "Google Translate desktop download."

Also known as cryptojacking, mining malware has been used to infiltrate unsuspecting users' machines since at least 2017, when it rose to prominence alongside cryptocurrency.

CPR previously detected the well-known cryptojacking malware CoinHive, which also mined XMR, in November of that year. CoinHive was said to steal 65% of an end user's total CPU resources without their knowledge. Academics calculated that the malware generated $250,000 per month at its peak, with most of it going to fewer than ten people.

As for Nitrokod, CPR believes it was deployed by a Turkish-speaking entity sometime in 2019. It operates across seven stages as it moves along its path, in order to avoid detection by antivirus programs and system defenses.

"The malware is easily dropped from software found at the top of Google search results for legitimate applications," the firm wrote in its report.

Softpedia and Uptodown were found to be two major sources of the fake applications. Blockworks has reached out to Google to learn more about how it filters these threats.

Image source: Check Point Research

After the application is downloaded, the installer executes a delayed dropper and continuously updates itself on every restart. On the fifth day, the delayed dropper extracts an encrypted file.

The file then initiates Nitrokod's final stages, which set about scheduling tasks, clearing logs and adding exceptions to antivirus firewalls once 15 days have ticked by.

Finally, the crypto mining malware "powermanager.exe" is surreptitiously dropped onto the infected machine and sets about generating crypto using the open source Monero-based CPU miner XMRig (the same one used by CoinHive).

"After the initial software installation, the attackers delayed the infection process for weeks and deleted traces from the original installation," the firm wrote in its report. "This allowed the campaign to successfully operate under the radar for years."

Details of how to clean machines infected with Nitrokod can be found at the end of CPR's threat report.


  • Sebastian Sinclair

    Blockworks

    Senior Reporter, Asia News Desk

    Sebastian Sinclair is a senior news reporter for Blockworks operating in South East Asia. He has experience covering the crypto market as well as certain developments affecting the industry, including regulation, business and M&As. He currently holds no cryptocurrencies.

Source: https://blockworks.co/monero-mining-malware-finds-success-at-top-of-google-search/