Fake Google Translate app installs crypto miner on 112,000 computers

A new study has found that crypto-mining malware has been surreptitiously infecting hundreds of thousands of computers worldwide since 2019, often masquerading as legitimate programs like Google Translate.

In a report released Monday, Check Point Research (CPR), the research team of US-Israeli cybersecurity provider Check Point Software Technologies, revealed that the malware has been flying under the radar for years, thanks in part to a design that delays the installation of the crypto-mining malware for weeks after the initial program download.

Linked to a Turkish-speaking software developer who claims to offer “free and safe software,” the malware invades computers through counterfeit desktop versions of popular apps like YouTube Music, Google Translate and Microsoft Translate.

Once the scheduled task mechanism begins the malware installation process, it proceeds through several steps over several days, ending with a stealthy Monero (XMR) crypto-mining process being set up.

The cybersecurity firm said the Turkey-based crypto-mining firm dubbed ‘Nitrokod’ has infected devices in 11 countries.

According to CPR, popular software download sites like Softpedia and Uptodown host the fake applications under the publisher name Nitrokod INC.

Some of the software has been downloaded hundreds of thousands of times, such as the fake desktop version of Google Translate on Softpedia, which even received nearly a thousand reviews, with an average of 9.3 stars out of 10, even though Google does not have an official desktop version of this software.

Screenshot by Check Point Research of the alleged fake app

According to Check Point Software Technologies, offering the desktop version of the apps is an essential part of the scam.

Most of the programs Nitrokod offers do not have an official desktop version, which makes the counterfeit software attractive to users who think they have found a program that is not available elsewhere.

According to Maya Horowitz, Vice President of Research at Check Point Software, malware-ridden fake programs are also available “by a simple web search”.

“The most exciting thing for me is the fact that malware is very common, yet it has been under the radar for a long time.”

As of this writing, Nitrokod’s Google Translate Desktop clone remains one of the major search results.

Design helps avoid detection

The malware is particularly hard to detect: even when a user runs the fake program, they remain none the wiser, because the fake apps also mimic the functions that the legitimate app provides.

Most of the hackers' programs are easily built from the official web pages using a Chromium-based framework, which allows them to publish functional software laden with malware without developing it from the ground up.

So far, more than a hundred thousand people across Israel, Germany, UK, US, Sri Lanka, Cyprus, Australia, Greece, Turkey, Mongolia and Poland have fallen prey to the malware.

To avoid being scammed by this malware and others like it, Horowitz says several basic security tips can help reduce the risk.

“Beware of similar domains, misspellings on websites, and unfamiliar email senders. Only download software from approved and reputable publishers or resellers and make sure peripheral security is up-to-date and comprehensive protection is provided.”