Security News > 2022 > August > That 'clean' Google Translate app is actually Windows crypto-mining malware

Watch out: someone is spreading cryptocurrency-mining malware disguised as legitimate-looking applications, such as Google Translate, on free software download sites and through Google searches.
"The malware is dropped from applications that are popular, but don't have an actual desktop version, such as Google Translate, keeping the malware versions in demand and exclusive," Check Point malware analyst Moshe Marelus wrote in a report Monday.
Along with Google Translate, other software leveraged by Nitrokod include other translation applications - including Microsoft Translator Desktop - and MP3 downloader programs.
According to Softpedia, the Nitrokod Google Translator app has been downloaded more than 112,000 times since December 2019.
The Google translate desktop application is converted from the Google Translate web page using the CEF project. This gives the attackers the ability to spread functional programs without having to develop them."
After the booby-trapped program is downloaded and the user launches the software, an actual Google Translate app, built as described above using Chromium, is installed and runs as expected.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/08/30/nitrokod_crypto_malware_google/
Related news
- ⚡ THN Weekly Recap: Google Secrets Stolen, Windows Hack, New Crypto Scams and More (source)
- FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux (source)
- Microsoft spots XCSSET macOS malware variant used for crypto theft (source)
- SpyLend Android malware downloaded 100,000 times from Google Play (source)
- GrassCall malware campaign drains crypto wallets via fake job interviews (source)
- Microsoft: New RAT malware used for crypto theft, reconnaissance (source)
- Steam pulls game demo infecting Windows with info-stealing malware (source)
- EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware (source)
- APT36 Spoofs India Post Website to Infect Windows and Android Users with Malware (source)
- New Crocodilus malware steals Android users’ crypto wallet keys (source)