Friday, February 3, 2023

Fake Google Translate app secretly installs Monero mining malware on over 100,000 PCs

The malware, called ‘Nitrokod’, was created by a Turkey-related entity and poses as a desktop application for Google Translate.

A crypto-mining malware disguised as a Google Translate app has recently come to light after infiltrating thousands of computers. According to a study by Check Point Research (CPR), this malware, named ‘Nitrokod’, was developed by a Turkey-affiliated organization and presented as a Google Translate desktop application. Several people ended up downloading the app to their PCs because Google offers no official desktop app for its translation service. Once installed, the app later sets up an elaborate crypto-mining operation on the infected PC.

Once the app is downloaded onto a computer, the malware installation process is triggered via a scheduled task mechanism. Upon completion, the malware sets up a sophisticated Monero cryptocurrency mining operation based on the energy-intensive Proof-of-Work (PoW) mining model.

This gives the person responsible for the campaign hidden access to the infected computers, which can be used to trick users and later damage the machines.


“Once the malware has executed, it connects to its C&C server to get a configuration for the XMRig crypto miner and starts the mining activity. The software can easily be found via Google when users search for “Google Translate Desktop Download”. The applications are trojanized and contain a delayed mechanism to trigger a long, multi-stage infection,” CPR said in its report.

To date, PCs in at least 11 countries have been compromised by Nitrokod malware, which has been in circulation since 2019.

CPR has posted updates and alerts on this crypto mining campaign on Twitter.

Recently, the crypto sector has become a popular means of fraud among cybercriminals.

Scammers have used the public’s trust in popular tech brands like LinkedIn, Twitter, and Google to single out and exploit their victims.

Crypto scams using “Unicode letters” as well as “honeypot accounts” have also increased in frequency recently, cyber researcher Serpent noted in his Twitter thread.

In the first case, scammers replace URLs to legitimate websites with infected ones they create. Characters in the infected URLs are styled to match those in the genuine links. Once the target visits the fake website and reveals their credentials, the scammer moves closer to controlling their assets and eventually takes them from the wallet.
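A defender-side check for the look-alike URLs described above, as an added example that is not taken from CPR's report or Serpent's thread. The look-alike table is a small illustrative subset and the allowlist uses placeholder domains; both are assumptions, and `classify` is a hypothetical helper name.

```python
import unicodedata
from urllib.parse import urlsplit

# Illustrative subset of Cyrillic letters that render like Latin ones (assumption).
# A production check would use the full Unicode confusables data (UTS #39).
LOOKALIKES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
              "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",
              "\u0455": "s"}

# Constructed allowlist of domains the organisation really uses (placeholders).
TRUSTED = {"example.com", "wallet.example"}

def scripts(label):
    """Scripts of the letters in one DNS label, taken from Unicode names."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}

def skeleton(host):
    """Replace known look-alike letters with their Latin counterparts."""
    return "".join(LOOKALIKES.get(ch, ch) for ch in host)

def classify(url):
    """Return (verdict, punycode_host) for the hostname in a URL."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    if not host:
        return ("no-host", "")
    try:
        if host.isascii():
            # Expand xn-- labels so punycode links are inspected too.
            host = host.encode("ascii").decode("idna")
        puny = host.encode("idna").decode("ascii")
    except UnicodeError:
        return ("invalid-idn", host)
    if host.isascii():
        return ("ascii", host)
    if skeleton(host) in TRUSTED:
        # Renders like a trusted domain but is a different name on the wire.
        return ("lookalike-of-trusted", puny)
    if any(len(scripts(label)) > 1 for label in host.split(".")):
        return ("mixed-script", puny)
    return ("non-ascii", puny)

if __name__ == "__main__":
    # Constructed sample links: genuine, look-alike, mixed-script.
    for u in ("https://example.com/login",
              "https://\u0435\u0445ample.com/login",
              "http://d\u043ewnload.test/"):
        print(classify(u), u.encode("unicode_escape").decode())
```

Showing the punycode form next to the verdict lets a mail gateway or chat filter display what the link actually resolves to, rather than what it looks like.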

