How this crypto-mining malware infected PCs through fake Google Translate app


Recently, a crypto-mining malware disguised as a Google Translate app has made its way onto thousands of computers. According to research by Check Point Research (CPR), the malware, called “Nitrokod”, was developed by a Turkey-based entity and distributed as a desktop application for Google Translate.

Many users have downloaded this app onto their PCs because Google offers no official desktop app for its Translate service. Once installed, the app sets up an elaborate crypto-mining operation on the infected device.

After the malicious app is downloaded, the malware installation is triggered through a scheduled task. The malware then puts in place a sophisticated mining setup for the Monero cryptocurrency, which relies on the energy-intensive proof-of-work mining model. As a consequence, the campaign's controller gains hidden access to the infected computers, which can be used to scam users and later damage the systems.

The CPR report claims, “After the malware is executed, it connects to its C&C server to get a configuration for the XMRig crypto miner and starts the mining activity. The software can be easily found through Google when users search ‘Google Translate Desktop download’. The applications are trojanised and contain a delayed mechanism to unleash a long multi-stage infection.”
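As an added illustration, not taken from the CPR report, of how a defender might hunt for the scheduled-task plus XMRig pattern described above, this Python check scans a constructed `schtasks`-style CSV export for task actions that launch or configure a miner. The task names, paths and pool host in the sample are assumed values; only the XMRig command-line conventions are real.

```python
import csv
import io
import re

# Constructed sample of a `schtasks /query /fo CSV /v`-style export, trimmed to the
# columns the check uses. Task names, paths and the pool host are made up.
SAMPLE_TASKS_CSV = """TaskName,Schedule Type,Task To Run
\\Microsoft\\Windows\\Defrag\\ScheduledDefrag,Weekly,%windir%\\system32\\defrag.exe -c -h -k -g -$
\\GoogleTranslateUpdate,Daily,C:\\Users\\Public\\gtranslate\\update.exe --url stratum+tcp://pool.example:3333
\\SystemCheck,One Time,C:\\ProgramData\\sys\\xmrig.exe -o pool.example:4444 --donate-level 0
"""

# Signals that a scheduled-task action is launching or configuring a Monero miner.
MINER_SIGNALS = [
    (re.compile(r"\bxmrig(?:\.exe)?\b", re.I), "xmrig binary"),
    (re.compile(r"stratum\+(?:tcp|ssl)://", re.I), "stratum pool URL"),
    (re.compile(r"--donate-level\b", re.I), "xmrig donate-level flag"),
    (re.compile(r"(?:^|\s)-o\s+\S+:\d+", re.I), "pool host:port via -o"),
]

# Locations a legitimately installed scheduled task rarely runs from.
USER_WRITABLE = re.compile(r"\\(?:Users\\Public|ProgramData|AppData)\\", re.I)


def suspicious_tasks(csv_text):
    """Return [(task_name, [reasons])] for tasks whose action looks like a miner launcher."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        action = row.get("Task To Run", "")
        reasons = [label for pat, label in MINER_SIGNALS if pat.search(action)]
        # Only raise the path finding when a miner signal is already present,
        # so ordinary user-installed tasks are not flagged on location alone.
        if reasons and USER_WRITABLE.search(action):
            reasons.append("runs from a user-writable path")
        if reasons:
            findings.append((row["TaskName"], reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in suspicious_tasks(SAMPLE_TASKS_CSV):
        print(f"{name}: {', '.join(reasons)}")
```

On a live host, feed the function the output of `schtasks /query /fo CSV /v` instead of the sample.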

Reportedly, machines in at least 11 countries have so far been compromised by the Nitrokod malware, which has been in circulation since 2019. CPR has also posted updates and alerts about the crypto-mining campaign on Twitter.

To recall, in a similar move earlier this year, Joker malware infected 50 apps on the Google Play Store, according to Zscaler Threatlabz. Google swiftly removed them from its app…
