Security News > 2022 > August > That 'clean' Google Translate app is actually Windows crypto-mining malware
Watch out: someone is spreading cryptocurrency-mining malware disguised as legitimate-looking applications, such as Google Translate, on free software download sites and through Google searches.
"The malware is dropped from applications that are popular, but don't have an actual desktop version, such as Google Translate, keeping the malware versions in demand and exclusive," Check Point malware analyst Moshe Marelus wrote in a report Monday.
Along with Google Translate, other software leveraged by Nitrokod include other translation applications - including Microsoft Translator Desktop - and MP3 downloader programs.
According to Softpedia, the Nitrokod Google Translator app has been downloaded more than 112,000 times since December 2019.
The Google translate desktop application is converted from the Google Translate web page using the CEF project. This gives the attackers the ability to spread functional programs without having to develop them."
After the booby-trapped program is downloaded and the user launches the software, an actual Google Translate app, built as described above using Chromium, is installed and runs as expected.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/08/30/nitrokod_crypto_malware_google/
Related news
- Exposed Selenium Grid Servers Targeted for Crypto Mining and Proxyjacking (source)
- Cybercriminals Exploiting Docker API Servers for SRBMiner Crypto Mining Attacks (source)
- Notorious Hacker Group TeamTNT Launches New Cloud Attacks for Crypto Mining (source)
- SpyAgent Android malware steals your crypto recovery phrases from images (source)
- New Android SpyAgent Malware Uses OCR to Steal Crypto Wallet Recovery Keys (source)
- Malware locks browser in kiosk mode to steal Google credentials (source)
- CISA warns of Windows flaw used in infostealer malware attacks (source)
- Windows users targeted with fake human verification pages delivering malware (source)
- Global infostealer malware operation targets crypto users, gamers (source)
- Android malware 'Necro' infects 11 million devices via Google Play (source)