New Windows malware uses a cunning technique to avoid detection

Security attack
(Image credit: Shutterstock / ozrimoz)

Cybersecurity researchers have discovered a dangerous strain of crypto-mining malware, which has made its way onto Windows devices across the globe.

As detailed in a report from security firm Check Point, the malware is smuggled inside various legitimate-looking applications distributed via online marketplaces, including one disguised as an official Google Translate client.

Once downloaded, the apps delay the installation of malicious componentry for up to a month, in an attempt to evade antivirus and endpoint protection filters. Apparently, this technique has allowed the operation to go undetected for years.

Avoiding malware infection

Although cryptominers are not typically designed to steal data or encrypt files, like ransomware, an infection can create issues of a different kind for victims.

In addition to hindering device performance, because CPU resources are set aside for mining activity, an infection can also drive a material increase in energy consumption, which could prove particularly expensive in the current climate.

In this instance, the malware is concealed within multiple legitimate-looking applications listed on Softpedia, a repository of free software, under the author name Nitrokod Inc. TechRadar Pro has asked both Softpedia and Nitrokod for comment.

Due to the length of time the campaign has been active, some of the rigged programs have been downloaded by upwards of 100,000 people, the report states. And courtesy of multiple evasion techniques, including spacing out activity and establishing a firewall exclusion, the cryptominer is able to conduct its business without raising any alarms.

To guard against malware of this kind, web users are advised to download applications exclusively from reputable marketplaces, like Google Play or the Windows Store. Equally, although some strains are capable of side-stepping security services, installing a leading antivirus solution will increase the likelihood of catching an infection.

Joel Khalili
News and Features Editor

Joel Khalili is the News and Features Editor at TechRadar Pro, covering cybersecurity, data privacy, cloud, AI, blockchain, internet infrastructure, 5G, data storage and computing. He's responsible for curating our news content, as well as commissioning and producing features on the technologies that are transforming the way the world does business.

TOPICS