Spoofed Google Translate App Sneakily Installs Monero Mining Malware on Over 1 Lakh PCs

This malware called the ‘Nitrokod’ has been created by a Turkey-related entity as a desktop application for Google Translate.

Written by Radhika Parashar, Edited by Richa Sharma | Updated: 1 September 2022 15:43 IST

Spoofed Google Translate App Sneakily Installs Monero Mining Malware on Over 1 Lakh PCs

Photo Credit: Bloomberg

The Nitrokod malware has been in circulation since 2019

Highlights

The malware installs Monero mining set-up
Monero uses PoW mining model
The controller of this campaign may get access to infected PCs

A crypto mining malware, disguised as a Google Translate app, has come to light recently for having forayed into thousands of computers. As per a study by Check Point Research (CPR), this malware called the ‘Nitrokod' has been created by a Turkey-related entity as a desktop application for Google Translate. Several people have ended up downloading this app on their PCs in the absence of Google's official desktop app for Translate services. This app, once installed, later establishes elaborate crypto mining operation set-up on the infected PCs.

Once the app is downloaded on a computer, the malware installation process is triggered via a scheduled task mechanism. Upon completion, this malware puts in place a sophisticated mining set-up for the Monero cryptocurrency, which is based on the energy-intensive proof-of-work (PoW) mining model.

This gives the controller of this campaign, hidden access to the infected computers to scam users and later damage the machines.

Andreessen Horowitz Wants to Help Plug NFT Copyright Confusion: Here's How

“After the malware is executed, it connects to its C&C server to get a configuration for the XMRig crypto miner and starts the mining activity. The software can be easily found through Google when users search ‘Google Translate Desktop download'. The applications are trojanised and contain a delayed mechanism to unleash a long multi-stage infection,” CPR said in its report.

As for now, PCs across at least eleven nations have been compromised via Nitrokod malware that has been in circulation since 2019.

CPR has posted updates and alerts about this crypto mining campaign on Twitter.

FTX CEO Sam Bankman-Fried Denies Rumours of Trying to Buy Huobi

.@_CPResearch_ detected a #crypto miner #malware campaign, which potentially infected thousands of machines worldwide. Dubbed ‘Nitrokod,” the attack was initially found by Check Point XDR. Get the details, here: https://t.co/MeaLP3nh97 #cryptocurrecy #TechnologyNews #CyberSec pic.twitter.com/ANoeI7FZ1O
— Check Point Software (@CheckPointSW) August 29, 2022

Nitrokod crypto miner infected systems across 11 countries since 2019: Researchers spotted a Turkish-based crypto miner malware campaign, tracked as Nitrokod, which infected systems across 11 countries. Check Point researchers discovered a Turkish based… https://t.co/RBLezgXhcD pic.twitter.com/WK8dKE4W1x
— Shah Sheikh (@shah_sheikh) August 29, 2022

In recent times, the crypto sector has become a popular means for scamming among cyber criminals.

Scammers have been using the public trust on popular tech brands like LinkedIn, Twitter, and Google to fish out their victims and strike them.

Crypto scams via ‘unicode letters' as well as ‘honeypot accounts' have also increased in frequency in recent times, cyber researcher Serpent noted in his Twitter thread.

In the former, scammers replace URLs to legitimate sites with infected ones created by them. Characters in the infected URLs are made to look like the ones in the real links. Once the target enters the fake website and gives away their login information, their assets come closer to being under the control of the scammer, who eventually drains it off the wallet.

This week, we discuss Android 13 on Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.

Affiliate links may be automatically generated - see our ethics statement for details.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: Cryptocurrency, Google Translate App, Monero Mining, Malware

Radhika Parashar

Email Radhika

Radhika Parashar is a senior correspondent for Gadgets 360. She has been reporting on tech and telecom for the last three years now and will be focussing on writing about all things crypto. Besides this, she is a major sitcom nerd and often replies in Chandler Bing and Michael Scott references. For tips or queries you could reach out to her at RadhikaP@ndtv.com. More