Sneaky pretend Google Translate app installs crypto miners on 112,000 PCs

Crypto mining malware has been quietly attacking hundreds of thousands of computers worldwide since 2019, often masquerading as legitimate programs like Google Translate, according to new research.

In a Monday report by Check Point Research (CPR), the research team for American-Israeli cybersecurity provider Check Point Software Technologies revealed that the malware had flown under the radar for years, thanks in part to a design that delays installation of the crypto mining component for weeks after the initial software download.

Linked to a Turkish-language software developer who claims to offer “free and secure software,” the malware attacks PCs via fake desktop versions of popular apps like YouTube Music, Google Translate, and Microsoft Translate.

Once a scheduled task triggers the malware installation process, it proceeds through several stages over several days, ending with a stealthy Monero (XMR) crypto mining operation being set up.
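As an added illustration, not taken from the Check Point report, here is a defender-side heuristic over a constructed inventory of scheduled tasks that flags the pattern described above: a task registered at install time whose first run is deferred by days or weeks, especially when it launches something from a user-writable directory. Task names, timestamps and paths are hypothetical.

```python
"""Flag scheduled tasks whose first run is deferred long after creation,
the delayed-stage behaviour described in the article. Added example with
constructed data; names and paths are hypothetical, not Nitrokod's."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from pathlib import PureWindowsPath


@dataclass(frozen=True)
class ScheduledTask:
    name: str
    created: datetime     # when the task was registered
    first_run: datetime   # first trigger time
    action: str           # executable the task launches


# Constructed sample inventory, e.g. exported from a task-scheduler audit.
SAMPLE_TASKS = [
    ScheduledTask("VendorUpdater", datetime(2022, 8, 1, 9, 0),
                  datetime(2022, 8, 1, 12, 0),
                  r"C:\Program Files\Vendor\updater.exe"),
    ScheduledTask("TranslateDesktopCheck", datetime(2022, 8, 1, 9, 5),
                  datetime(2022, 8, 31, 9, 5),
                  r"C:\Users\alice\AppData\Local\Temp\tdc\check.exe"),
    ScheduledTask("NightlyBackup", datetime(2022, 7, 1, 0, 0),
                  datetime(2022, 7, 2, 2, 0),
                  r"C:\Program Files\Backup\backup.exe"),
]

USER_WRITABLE = ("appdata", "temp", "programdata", "public")


def runs_from_user_writable(action: str) -> bool:
    """True if the action lives under a directory a non-admin user can write to."""
    parts = [p.lower() for p in PureWindowsPath(action).parts]
    return any(marker in part for part in parts for marker in USER_WRITABLE)


def delay_score(task: ScheduledTask, min_delay=timedelta(days=7)) -> int:
    """0 = nothing unusual; higher = more consistent with a delayed-stage dropper."""
    score = 0
    if task.first_run - task.created >= min_delay:
        score += 2   # first action deferred well past install time
    if runs_from_user_writable(task.action):
        score += 1   # payload staged outside a protected install directory
    return score


def flag_delayed_tasks(tasks, threshold: int = 2):
    """Return names of tasks scoring at or above threshold, highest score first."""
    scored = [(delay_score(t), t.name) for t in tasks]
    return [name for score, name in sorted(scored, reverse=True) if score >= threshold]


if __name__ == "__main__":
    print(flag_delayed_tasks(SAMPLE_TASKS))
```

The threshold and seven-day window are starting points; tune them against your own fleet's legitimate updaters before acting on the output.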

The cybersecurity firm said that a Turkey-based crypto miner dubbed ‘Nitrokod’ had infected machines in 11 countries.

According to CPR, popular software download sites such as Softpedia and Uptodown host the fakes under the publisher name Nitrokod INC.

Some of the programs have been downloaded hundreds of thousands of times. The fake desktop version of Google Translate on Softpedia, for example, has nearly a thousand reviews averaging a star score of 9.3 out of 10, even though Google does not offer an official desktop version of that program.

Screenshot by Check Point Research of the alleged fake app

According to Check Point Software Technologies, offering desktop versions of the app is an important part of the scam.

Most of the programs Nitrokod imitates have no official desktop version, which makes the fakes attractive to users who cannot find the program anywhere else.

According to Maya Horowitz, vice president of research at Check Point Software, the malware-laden forgeries can also be found “with a simple web search.”

“What interests me most is the fact that malicious software is so popular it’s been under the radar for so long.”

At the time of writing, Nitrokod’s Google Translate Desktop clone remains one of the top search results.

Design helps avoid detection

The malware is hard to detect because even after users launch the fake software they are none the wiser: the fake applications reproduce the functionality of the legitimate ones.

Most of the fake programs are built simply by wrapping the official web pages in a Chromium-based framework, which lets the attackers ship working applications loaded with malware without developing them from scratch.


So far, more than a hundred thousand people across Israel, Germany, the UK, the United States, Sri Lanka, Cyprus, Australia, Greece, Turkey, Mongolia, and Poland have all fallen prey to the malware.

To avoid being scammed by this malware and its ilk, Horowitz says some basic security tips can help reduce the risk.

“Beware of look-alike domains, misspellings on websites, and unknown email senders. Only download software from known authorized publishers or vendors and ensure your endpoint security is up-to-date and provides comprehensive protection.”