Security News > 2022 > August > That 'clean' Google Translate app is actually Windows crypto-mining malware

Watch out: someone is spreading cryptocurrency-mining malware disguised as legitimate-looking applications, such as Google Translate, on free software download sites and through Google searches.

"The malware is dropped from applications that are popular, but don't have an actual desktop version, such as Google Translate, keeping the malware versions in demand and exclusive," Check Point malware analyst Moshe Marelus wrote in a report Monday.

Along with Google Translate, other software leveraged by Nitrokod include other translation applications - including Microsoft Translator Desktop - and MP3 downloader programs.

According to Softpedia, the Nitrokod Google Translator app has been downloaded more than 112,000 times since December 2019.

The Google translate desktop application is converted from the Google Translate web page using the CEF project. This gives the attackers the ability to spread functional programs without having to develop them."

After the booby-trapped program is downloaded and the user launches the software, an actual Google Translate app, built as described above using Chromium, is installed and runs as expected.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/08/30/nitrokod_crypto_malware_google/