Security News > 2022 > August > That 'clean' Google Translate app is actually Windows crypto-mining malware
Watch out: someone is spreading cryptocurrency-mining malware disguised as legitimate-looking applications, such as Google Translate, on free software download sites and through Google searches.
"The malware is dropped from applications that are popular, but don't have an actual desktop version, such as Google Translate, keeping the malware versions in demand and exclusive," Check Point malware analyst Moshe Marelus wrote in a report Monday.
Along with Google Translate, other software leveraged by Nitrokod include other translation applications - including Microsoft Translator Desktop - and MP3 downloader programs.
According to Softpedia, the Nitrokod Google Translator app has been downloaded more than 112,000 times since December 2019.
The Google translate desktop application is converted from the Google Translate web page using the CEF project. This gives the attackers the ability to spread functional programs without having to develop them."
After the booby-trapped program is downloaded and the user launches the software, an actual Google Translate app, built as described above using Chromium, is installed and runs as expected.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/08/30/nitrokod_crypto_malware_google/
Related news
- Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack (source)
- Windows, macOS users targeted with crypto-and-info-stealing malware (source)
- Russia targets Ukrainian conscripts with Windows, Android malware (source)
- New SteelFox malware hijacks Windows PCs using vulnerable driver (source)
- North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS (source)
- North Korean hackers use new macOS malware against crypto firms (source)
- New CRON#TRAP Malware Infects Windows by Hiding in Linux VM to Evade Antivirus (source)
- Google Warns of Rising Cloaking Scams, AI-Driven Fraud, and Crypto Schemes (source)
- SpyLoan Android malware on Google play installed 8 million times (source)
- 8 Million Android Users Hit by SpyLoan Malware in Loan Apps on Google Play (source)