Spoofed Google Translate App Sneakily Installs Monero Mining Malware on Over 1 Lakh PCs
This malware called the ‘Nitrokod’ has been created by a Turkey-related entity as a desktop application for Google Translate.
Advertisement
Written by Radhika Parashar, Edited by Richa Sharma | Updated: 1 September 2022 15:43 IST
Highlights
The malware installs Monero mining set-up
Monero uses PoW mining model
The controller of this campaign may get access to infected PCs
The Nitrokod malware has been in circulation since 2019
Photo Credit: Bloomberg
A crypto mining malware, disguised as a Google Translate app, has come to light recently for having forayed into thousands of computers. As per a study by Check Point Research (CPR), this malware called the ‘Nitrokod' has been created by a Turkey-related entity as a desktop application for Google Translate. Several people have ended up downloading this app on their PCs in the absence of Google's official desktop app for Translate services. This app, once installed, later establishes elaborate crypto mining operation set-up on the infected PCs.
Once the app is downloaded on a computer, the malware installation process is triggered via a scheduled task mechanism. Upon completion, this malware puts in place a sophisticated mining set-up for the Monero cryptocurrency, which is based on the energy-intensive proof-of-work (PoW) mining model.
This gives the controller of this campaign, hidden access to the infected computers to scam users and later damage the machines.
“After the malware is executed, it connects to its C&C server to get a configuration for the XMRig crypto miner and starts the mining activity. The software can be easily found through Google when users search ‘Google Translate Desktop download'. The applications are trojanised and contain a delayed mechanism to unleash a long multi-stage infection,” CPR said in its report.
As for now, PCs across at least eleven nations have been compromised via Nitrokod malware that has been in circulation since 2019.
Nitrokod crypto miner infected systems across 11 countries since 2019: Researchers spotted a Turkish-based crypto miner malware campaign, tracked as Nitrokod, which infected systems across 11 countries. Check Point researchers discovered a Turkish based… https://t.co/RBLezgXhcDpic.twitter.com/WK8dKE4W1x
In recent times, the crypto sector has become a popular means for scamming among cyber criminals.
Scammers have been using the public trust on popular tech brands like LinkedIn, Twitter, and Google to fish out their victims and strike them.
Crypto scams via ‘unicode letters' as well as ‘honeypot accounts' have also increased in frequency in recent times, cyber researcher Serpent noted in his Twitter thread.
In the former, scammers replace URLs to legitimate sites with infected ones created by them. Characters in the infected URLs are made to look like the ones in the real links. Once the target enters the fake website and gives away their login information, their assets come closer to being under the control of the scammer, who eventually drains it off the wallet.
Crypto Price Today: Bitcoin Steady at $83,000, Altcoins See Mixed Moves Amid Market Fluctuations19 March 2025
Search
