XMRig hidden in another app - google translator

o48o

legendary

Activity: 2856

Merit: 1130

Leading Crypto Sports Betting & Casino Platform

Quote from: vv181 on September 07, 2022, 06:54:49 AM

Antivirus software and viruses/malware are in a whack-a-mole situation, but that doesn't mean using antivirus is not giving you a benefit at all. It comes different when the user trying to be a power user or bypassing the antivirus security system due to might be a false flag or just simply an ignorance. A malware that is fashioned to be an antivirus is surely an ironic thing, but one can try to find a reputable and battle-tested antivirus officially, to prevent those kinds of things.

What i mean is that windows own anti-virus system is so powerful at this point that i wouldn't recommend a 3rd party system messing things up. That's all i am saying. But there's no system that would keep users safe when users see warnings as false positives and launch .exes anyway that antivirus tries to block.

Just NOT downloading any weird obscure software keeps newbs way safer than any 3rd party free or paid antivirus software out there. It's really hard to build idiot-proof systems when the idiots have a say what's better for their data safety.

jrrsparkles

sr. member

Activity: 2380

Merit: 251

Eloncoin.org - Mars, here we come!

Quote from: PawGo on September 06, 2022, 03:34:44 AM

It seems that recently it is very fashionable to "hide" xmrig miner in different kinds of software. It was in python libraries downloaded as a dependency (https://bitcointalksearch.org/topic/m.60763132), recently it was found that Turkish campaign "Nitrokod" infected several "free" apps.
Programs were in fact "wrapped" web pages for popular webservices, so development was quite easy and allowed to have wider range of software covered.

More details:
https://research.checkpoint.com/2022/check-point-research-detects-crypto-miner-malware-disguised-as-google-translate-desktop-and-other-legitimate-applications/

Do not install software which you do not really need or from "unknown" software providers. Use anti-virus scanner.

Antivirus even along with web security features may not be helpful in such cases because generally they detect the existing threats so when something new the anti virus may not do anything for a while.

So we need to be aware of such security threats especially when we arr using the device where our crypto wallets installed.

vv181

legendary

Activity: 1932

Merit: 1273

Quote from: o48o on September 06, 2022, 03:27:55 PM

Quote from: PawGo on September 06, 2022, 03:34:44 AM

Do not install software which you do not really need or from "unknown" software providers. Use anti-virus scanner.

I wouldn't trust anti-virus scanners on this as they come behind the viruses. Not only they could have miners working in background. They could have wallet stealers and keyloggers. All they need is to get one right person affected and it pays off for them.

Antivirus software and viruses/malware are in a whack-a-mole situation, but that doesn't mean using antivirus is not giving you a benefit at all. It comes different when the user trying to be a power user or bypassing the antivirus security system due to might be a false flag or just simply an ignorance. A malware that is fashioned to be an antivirus is surely an ironic thing, but one can try to find a reputable and battle-tested antivirus officially, to prevent those kinds of things.

o48o

legendary

Activity: 2856

Merit: 1130

Leading Crypto Sports Betting & Casino Platform

Quote from: PawGo on September 06, 2022, 03:34:44 AM

Do not install software which you do not really need or from "unknown" software providers. Use anti-virus scanner.

I wouldn't trust anti-virus scanners on this as they come behind the viruses. Not only they could have miners working in background. They could have wallet stealers and keyloggers. All they need is to get one right person affected and it pays off for them.

I am always assuming if i get warez or programs from unknown sources that they have viruses. I am using a virtual enviroment for them if i need to install one and keep my computer with my real email and

I get a lot of people in twitter telling me they want to buy promotion from me with a good price. They send me something that look like contract documents or something like that in .rar packages but after closer look they have another extention after .doc extention. (aka viruses)

I am betting people are falling these a lot because they keep doing this scam.

jackg

copper member

Activity: 2856

Merit: 3071

https://bit.ly/387FXHi lightning theory

Sounds like it qad very simple to make. I'm surprised it's worked and is on desktop though - I thought apps might be harder to find especially without advertisement.

Antivirus is good with known threats and lesser known software (and to track when some programmes are using too many system resources) but I don't think it'd have helped in this case as the app was downloaded from a fairly random source anyway and users might just override the antivirus if they did want the app to work.

joniboini

legendary

Activity: 2170

Merit: 1789

Even if there is no hidden miner script, anyone should never download from a third-party website like that. Even Google explicitly states there is no desktop version of their translation service. Don't rely too much on antivirus too, most of the time we can just avoid any trouble if we research for a bit.

PawGo

legendary

Activity: 952

Merit: 1367

It seems that recently it is very fashionable to "hide" xmrig miner in different kinds of software. It was in python libraries downloaded as a dependency (https://bitcointalksearch.org/topic/m.60763132), recently it was found that Turkish campaign "Nitrokod" infected several "free" apps.
Programs were in fact "wrapped" web pages for popular webservices, so development was quite easy and allowed to have wider range of software covered.

More details:
https://research.checkpoint.com/2022/check-point-research-detects-crypto-miner-malware-disguised-as-google-translate-desktop-and-other-legitimate-applications/

Do not install software which you do not really need or from "unknown" software providers. Use anti-virus scanner.

Topic: XMRig hidden in another app - google translator (Read 72 times)