Crypto malware masquerading as the Google Translate app infects thousands of PCs

Malware designed to mine cryptocurrency has spread across hundreds of devices under the guise of a Google Translate app.

The malicious software, referred to as “Nitrokod,” was designed as a desktop application for Google Translate and was built by an organization located in Turkey, according to Check Point Research (CPR) on August 29.

Because there is no official desktop client for Google Translate, a large number of Google users have downloaded this program onto their computers. Once this program is installed on a smartphone, it immediately begins setting up a sophisticated cryptocurrency mining operation on that device.

After the malicious application is downloaded, installation of the malware is kicked off through a scheduled task mechanism. At a later stage, the malware installs a complex mining rig for the Monero (XMR) cryptocurrency.

Chain of infection. Source: Check Point

Mining software uses Proof of Work

The mining software is based on the Proof of Work (PoW) mining concept, which consumes a significant amount of electricity. The campaign also gives its controller covert access to the infected computers, allowing them to deceive users and then cause damage to the systems.

The CPR report claims: “After the malware is executed, it connects to the C&C server to get a configuration for the XMRig cryptominer and starts mining activity. The software can easily be found through Google when users search for ‘Google Translate Desktop download’. The applications are trojanized and contain a delayed mechanism to unleash a long multi-stage infection.”

According to reports, the Nitrokod malware has affected machines in at least 11 countries since its distribution in 2019. CPR has also tweeted updates and warnings regarding its cryptomining efforts.

According to Zscaler Threatlabz, the Joker virus, another piece of malware, infected 50 apps on the Google Play Store earlier this year using a similar approach. They were quickly deleted from Google’s app store. According to the Zscaler ThreatLabz team, the Joker, Facestealer and Coper malware families were discovered to propagate via applications.

When the ThreatLabz team promptly informed the Google Android Security team of these newly identified threats, the malicious applications were quickly removed from the Google Play Store.

But while many people in crypto are concerned about reports of possible fraud, a recent study has shown that fraud revenue from cryptocurrency fell by 65% and has been declining.
