Monday 26 September 2022
Home / none / Sneaky fake Google Translate app installs crypto miner on 112,000 PCs

Sneaky fake Google Translate app installs crypto miner on 112,000 PCs

Crypto mining malware has been sneakily invading hundreds of thousands of computers around the world since 2019, often masquerading as legitimate programs such as Google Translate, new research has found.

In a Monday report by Check Point Research (CPR), a research team for American-Israeli cybersecurity provider, Check Point Software Technologies revealed the malware has been flying under the radar for years, thanks partly to its insidious design which delays installing the crypto mining malware for weeks after the initial software download.

Linked to a Turkish-based-speaking software developer claiming to offer “free and safe software,” the malware program invades PCs through counterfeit desktop versions of popular apps such as YouTube Music, Google Translate and Microsoft Translate.

Once a scheduled task mechanism triggers the malware installation process, it steadily goes through several steps over several days, ending with a stealth Monero (XMR) crypto mining operation being set up.

The cybersecurity firm said that the Turkish-based crypto miner dubbed ‘Nitrokod’ has infected machines across 11 countries.

According to CPR, popular software downloading sites like Softpedia and Uptodown had forgeries available under the publisher name Nitrokod INC.

Some of the programs had been downloaded hundreds of thousands of times, such as the fake desktop version of Google Translate on Softpedia, which even had nearly a thousand reviews, averaging a star score of 9.3 out of 10, despite Google not having an official desktop version for that program.

Screenshot by Check Point Research of the alleged fake app

According to Check Point Software Technologies, offering a desktop version of apps is a key part of the scam.

Most programs offered by Nitrokod do not have a desktop version, making the counterfeit software appealing to users who think they’ve found a program unavailable anywhere else.

According to Maya Horowitz, vice president of research at Check Point Software, the malware-riddled fakes are also available “by a simple web search.”

“What’s most interesting to me is the fact that the malicious software is so popular, yet went under the radar for so long.”

As of writing, Nitrokod’s imitation Google Translate Desktop program remains one of the main search results.

Design helps avoid detection

The malware is particularly tricky to detect, as even when a user launches the sham software, they remain none the wiser as the fake apps can also mimic the same functions that the legitimate app provides.

Most of the hacker’s programs are easily built from the official web pages using a Chromium-based framework, allowing them to spread functional programs loaded with malware without developing them from the ground up.

Related: 8 sneaky crypto scams on Twitter right now

So far, over one hundred thousand people across Israel, Germany, the United Kingdom, the United States, Sri Lanka, Cyprus, Australia, Greece, Turkey, Mongolia and Poland have all fallen prey to the malware.

To avoid getting scammed by this malware and others like it, Horowitz, says several basic security tips can help reduce the risk.

“Beware of lookalike domains, spelling errors in websites, and unfamiliar email senders. Only download software only from authorised, known publishers or vendors and ensure your endpoint security is up to date and provides comprehensive protection.”

Original Article

About Jude Savage

Check Also

Reversible transactions could mitigate crypto theft — Researchers

Stanford University researchers have come up with a prototype for “reversible transactions” on Ethereum, arguing it could be a solution to reduce the impact of crypto theft. In a Sept. 25 tweet, Stanford University blockchain researcher Kaili Wang shared a run down of the Ethereum-based reversible token idea, noting that at this stage it is not a finished concept but more of a “proposal to provoke discussion and even better solutions from the blockchain community,” noting: “The major hacks we've seen are undeniably thefts with strong evidence. If there was a way to reverse those thefts under such circumstances, our ecosystem would be much safer. Our proposal allows reversals only if approved by a decentralized quorum of judges.”The proposal was put together by blockchain researchers from Stanford, including Wang, Dan Boneh, Qinchen Wang, and it outlines “opt-in token standards that are siblings to ERC-20 and ERC-721” dubbed ERC-20R and ERC-721R. However, Wang clarified that th..

Leave a Reply

Your email address will not be published. Required fields are marked *