That 'clean' Google Translate app is actually Windows crypto-mining malware

Watch out: someone is spreading cryptocurrency-mining malware disguised as legitimate-looking applications, such as Google Translate, on free software download sites and through Google searches.
"The malware is dropped from applications that are popular, but don't have an actual desktop version, such as Google Translate, keeping the malware versions in demand and exclusive," Check Point malware analyst Moshe Marelus wrote in a report Monday.
Along with Google Translate, other software leveraged by Nitrokod includes other translation applications - including Microsoft Translator Desktop - and MP3 downloader programs.
According to Softpedia, the Nitrokod Google Translator app has been downloaded more than 112,000 times since December 2019.
"The Google translate desktop application is converted from the Google Translate web page using the CEF project. This gives the attackers the ability to spread functional programs without having to develop them."
After the booby-trapped program is downloaded and the user launches the software, an actual Google Translate app, built as described above using Chromium, is installed and runs as expected.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/08/30/nitrokod_crypto_malware_google/