fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Windows Malware Delays Coinminer Install by a Month to Evade Detection

Windows Malware Delays Coinminer Install by a Month to Evade Detection

A new malware campaign disguised as Google Translate or MP3 downloader programs was found distributing cryptocurrency mining malware across 11 countries.

The fake applications are being distributed through legitimate free software sites, providing broad exposure to the malicious applications to both regular visitors of the sites and search engines.

According to a report by Check Point, the malware is created by a developer named ‘Nitrokod,’ which at first look appears to be clean of malware and provides the advertised functionality.

However, Check Point says the software purposely delays the installation of the malicious malware components for up to a month to evade detection.

Also Read: Email spoofing: Avoiding them through good cyber hygiene practices

The Nitrokod website
The Nitrokod website homepage

Unfortunately, Nitrokod’s offerings rank high in Google Search results, so the website acts as an excellent trap for users seeking a specific utility.

BleepingComputer has contacted Nitrokod’s administrator at the listed contact address, but we have not yet received a comment from them.

Additionally, as Check Point discovered, Nitrokod’s Google Translate applet was also uploaded on Softpedia, where it reached over 112,000 downloads.

malware app on softpedia
The malware app on Softpedia (Check Point)

Infection chain

Independently of which program is downloaded from the Nitrokod website, the user receives a password-protected RAR that evades AV detection and contains an executable named after the selected app.

Upon running the file, the software is installed on the user’s system along with two registry keys, a 

Also Read: PDPC: New guidance on personal data protection practices

Profiling the host and sending details to C2
Profiling the host and sending details to C2 (Check Point)

To avoid raising suspicions and to thwart sandbox analysis, the software activates a dropper from another encrypted RAR file fetched via Wget on the fifth day of the infection.

Next, the software clears all system logs using PowerShell commands and, after another 15 days, fetches the next encrypted RAR from “intelserviceupdate[.]com.”

Timeline of infection stages
Timeline of infection stages (Check Point)

The next-stage dropper checks for the presence of antivirus software, searches for processes that might belong to virtual machines, and eventually adds a firewall rule and an exclusion to Windows Defender.

Firewall rule to excempt malware communications from scrutiny
Firewall rule to exempt malware communications from scrutiny (Check Point)

Now that the device has been prepped for the final payload, the program loads the last dropper, which fetches another RAR file containing the XMRig mining malware, its controller, and a “.sys” file that has its settings.

The malware determines if it’s running on a desktop or laptop, then connects to its C2 (“nvidiacenter[.]com”) and sends a full host system report via HTTP POST requests.

Finally, the C2 responds with instructions such as whether to activate, how much CPU power to use, when to ping C2 again, or what programs to check for and exit if found.

The complete attack chain diagram
The complete attack chain diagram (Check Point)

How to stay safe

Crypto-mining malware can be a risk as it can damage hardware by causing hardware stress and overheating, and can impact the performance of your computer by using additional CPU resources.

Additionally, the malware droppers discovered by Check Point can swap the final payload with something much more dangerous at any time.

To protect yourself, avoid downloading apps that promise functionality not officially released by the original developer, such as a desktop version of the Google translate tool.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us