Nitrokod Malware Drops Cryptominer


Nitrokod is the name of a newly discovered piece of malware: the first-stage tool in a long-term infection chain that ends with a cryptomining tool being downloaded onto the victim's system.

Unlike most similar malicious tools that act as droppers for further tools, Nitrokod plays the long game. To avoid detection inside sandbox environments, it stays dormant for weeks on end, far longer than any given sample is likely to be kept under continuous review inside a sandbox. Once the timer runs out, Nitrokod downloads a variant of the open-source XMRig miner.

Nitrokod has further evasive capabilities that allow it to interrupt its operation and delete itself, along with all traces of its existence, if it detects a sandboxed environment or the presence of an antivirus application.
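The two evasion traits described above, weeks of dormancy that outlast a sandbox run followed by the download of an XMRig-based miner, point to where a defender can look. The script below is an added example, not code from the original article or from any vendor analysis of Nitrokod. It runs two hunting heuristics over constructed Sysmon-style events: it flags process command lines carrying XMRig-style mining indicators (pool URL scheme, donate level, long wallet-like user argument), and it flags scheduled tasks whose first run is registered weeks in the future, the kind of delay that outlasts a typical automated sandbox window. The event layout, the seven-day threshold and the indicator patterns are assumptions of this example; the article does not state how Nitrokod implements its delay.

```python
"""Hunting heuristics for long-delay miner droppers.

Added example (not Nitrokod's code and not from the original article). It
checks constructed Sysmon-style events for:
  1. process-creation events whose command line looks like an XMRig-style miner;
  2. scheduled-task registrations whose first run is weeks after registration.
"""
import re
from datetime import datetime

# Assumption: most automated sandboxes detonate a sample for minutes, so a
# first run more than this many days out deserves a look (tunable threshold).
DELAY_THRESHOLD_DAYS = 7

# Command-line indicators commonly seen with XMRig-based miners. The pool URL
# scheme is the strongest signal and is weighted 2; everything else weighs 1.
MINER_PATTERNS = [
    (re.compile(r"stratum\+(tcp|ssl)://", re.I), 2),   # -o/--url pool scheme
    (re.compile(r"--donate-level", re.I), 1),
    (re.compile(r"--coin[= ]", re.I), 1),
    (re.compile(r"(^|\s)-o\s+\S+:\d+", re.I), 1),      # -o host:port
    (re.compile(r"(^|\s)-u\s+\S{30,}", re.I), 1),      # -u <long wallet-like id>
]

# Constructed events (hypothetical paths, names and timestamps, not real IoCs).
EVENTS = [
    {"type": "process", "ts": "2022-08-01T10:00:00",
     "image": r"C:\Users\u\AppData\Roaming\fake_translate\update.exe",
     "cmdline": "update.exe --check"},
    {"type": "task", "ts": "2022-08-01T10:00:05",
     "name": r"\UpdateCheck", "first_run": "2022-09-01T10:00:00"},
    {"type": "process", "ts": "2022-09-01T10:00:03",
     "image": r"C:\Users\u\AppData\Roaming\svchosts.exe",
     "cmdline": "svchosts.exe -o stratum+tcp://pool.example.invalid:3333 "
                "-u 4AconstructedWalletPlaceholder0000000000 --donate-level 1"},
    {"type": "process", "ts": "2022-08-01T11:00:00",
     "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": "notepad.exe notes.txt"},
    {"type": "task", "ts": "2022-08-01T11:05:00",
     "name": r"\Backup", "first_run": "2022-08-02T02:00:00"},
]


def miner_score(cmdline: str) -> int:
    """Sum the weights of every miner indicator found in a command line."""
    return sum(weight for pat, weight in MINER_PATTERNS if pat.search(cmdline))


def is_miner_like(cmdline: str, threshold: int = 2) -> bool:
    """True when the weighted indicator score reaches the threshold."""
    return miner_score(cmdline) >= threshold


def task_delay_days(registered: str, first_run: str) -> float:
    """Days between task registration and its first scheduled run."""
    delta = datetime.fromisoformat(first_run) - datetime.fromisoformat(registered)
    return delta.total_seconds() / 86400


def hunt(events):
    """Return (rule, identifier) findings for miner-like processes and long-delay tasks."""
    findings = []
    for ev in events:
        if ev["type"] == "process" and is_miner_like(ev["cmdline"]):
            findings.append(("miner_cmdline", ev["image"]))
        elif ev["type"] == "task":
            if task_delay_days(ev["ts"], ev["first_run"]) >= DELAY_THRESHOLD_DAYS:
                findings.append(("delayed_task", ev["name"]))
    return findings


if __name__ == "__main__":
    for rule, ident in hunt(EVENTS):
        print(f"{rule}: {ident}")
```

On the constructed events the script reports the task scheduled a month out and the process whose command line points at a stratum pool; the benign update check, notepad and the next-day backup task are not flagged. The delayed-task rule is the one worth tuning per environment, since legitimate maintenance jobs can also be scheduled far ahead; the value of the heuristic is that it surfaces exactly the waiting period a short sandbox run would never reach.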

The miner it eventually deploys puts significant strain on the targeted system's hardware, leading to slowdowns and serious performance issues.

Nitrokod was spotted hiding in installer packages claiming to contain Google Translate Desktop.

Because of the evasive tactics Nitrokod employs, the best defense against similar malicious tools remains a robust, up-to-date anti-malware suite.

August 31, 2022