Sun, 25 September 2022
The Daily Ittefaq

Fake Google App Mining Crypto From Windows PCs With Malware Since 2019 Detected

Update : 04 Sep 2022, 16:07

Turkish-speaking hackers are spreading crypto-mining malware through free software download sites, including one offering a fake Google Translate desktop app, according to new research.

According to a study by Check Point Research (CPR), the malware, called “Nitrokod”, was developed by a Turkey-based entity and poses as a desktop application for Google Translate.

It is reported to have infected thousands of Windows computers worldwide. The malware uses a significant amount of power to mine crypto illegally, without the user’s permission.

“The malware is dropped from applications that are popular, but don’t have an actual desktop version, such as Google Translate, keeping the malware versions in demand and exclusive,” Check Point malware analyst Moshe Marelus wrote in a report on Monday.

After the user installs the malware-infected application on the computer, the app installs an actual Google Translate program and, using Chromium code, translates the web page from the actual Google Translate program. This lets the hackers give functionality to their malware-infected programs. A scheduled update check is sent every time the system starts up.

The hackers then wait patiently for one month before installing the mining software, so that the user does not detect any unusual activity in power usage.

First, a post-installation message containing information about the infected machine is sent to the Nitrokod domain. Then, a scheduled update checker is installed, which checks with the Nitrokod domain every time the system starts up.

 
