Fake Google Translate App Installs Crypto Miner On PCs

Fake Google Translate app installs crypto miner on PCs according to a new study that says that the malware has infiltrated hundreds of millions of computers worldwide since 2019.

Check Point Software Technologies discovered the virus has been operating undetected for years in a paper released on Monday by Check Point Research (CPR), a research team for the American-Israeli cybersecurity firm. This is in part due to the malware’s cunning design, which postpones the installation of the crypto mining malware for weeks after the original software download.

.@_CPResearch_ detected a #crypto miner #malware campaign, which potentially infected thousands of machines worldwide. Dubbed ‘Nitrokod,” the attack was initially found by Check Point XDR. Get the details, here: https://t.co/MeaLP3nh97 #cryptocurrecy #TechnologyNews #CyberSec pic.twitter.com/ANoeI7FZ1O

— Check Point Software (@CheckPointSW) August 29, 2022

The malicious application, which is linked to a Turkish-speaking software developer who claims to offer “free and secure software,” infiltrates PCs via fake desktop versions of popular programs such as YouTube Music, Google Translate, and Microsoft Translate. The Fake Google Translate app installs crypto miner on PCs has infected millions computers in the world so far.

Once a scheduled task mechanism initiates the malware installation process, it proceeds through various phases over several days, culminating in the establishment of a covert Monero (XMR) crypto mining operation.

According to the cybersecurity firm, the Turkish-based crypto miner called ‘Nitrokod’ has infected PCs in 11 nations.

According to CPR, forgeries were offered on prominent software downloading sites such as Softpedia and Uptodown under the publication name Nitrokod INC.

Some of the apps had been downloaded hundreds of thousands of times, such as the bogus desktop version of Google Translate on Softpedia, which had almost a thousand reviews and a star rating of 9.3 out of 10, despite the fact that Google does not have an official desktop version for that software.

Offering a desktop version of programs is a significant component of the scam, according to Check Point Software Technologies.

Most Nitrokod apps do not have a desktop version, making the counterfeit software enticing to customers who believe they have discovered a program that is not accessible anywhere else.

According to Check Point Software’s vice president of research, Maya Horowitz, the malware-infected fakes are also available “through a simple web search.”

“What’s most interesting to me is the fact that the malicious software is so popular, yet went under the radar for so long.”

As of this writing, Nitrokod’s spoof Google Translate Desktop software is still one of the top search results.

The Design Helps Avoid Detection

The virus is especially difficult to detect since even when a user launches the sham software, they are unaware because the false apps may replicate the identical capabilities that the authentic program delivers.

The majority of the hacker’s apps are readily generated from legitimate web sites using a Chromium-based framework, allowing them to disseminate functioning programs laden with malware without having to develop them from scratch.

So far, the virus has infected over 100,000 people in Israel, Germany, the United Kingdom, the United States, Sri Lanka, Cyprus, Australia, Greece, Turkey, Mongolia, and Poland.

Read the latest crypto news.