How this crypto-mining malware infected PCs through fake Google Translate app

Crypto-mining malware disguised as a Google Translate app has recently infected thousands of computers. According to a study by Check Point Research (CPR), the malware, called “Nitrokod”, was developed by a Turkey-based entity as a desktop application for Google Translate.

Many Google users downloaded the app to their PCs because Google offers no official desktop app for its Translate service. Once downloaded, the app sets up an elaborate crypto-mining operation on the infected device.

After the malicious app is downloaded, the malware installation process is triggered through a scheduled task mechanism. The malware then puts in place a sophisticated mining setup for the Monero cryptocurrency, which is based on the energy-intensive proof-of-work mining model. As a consequence, the controller of the campaign gains hidden access to the infected computers, which can be used to scam users and later damage the systems.

The CPR report claims, “After the malware is executed, it connects to its C&C server to get a configuration for the XMRig crypto miner and starts the mining activity. The software can be easily found through Google when users search ‘Google Translate Desktop download’. The applications are trojanised and contain a delayed mechanism to unleash a long multi-stage infection.”
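The two traits described above, installation through a scheduled task and a delayed first run, can be turned into a simple triage check. The following is an added example, not code from CPR or from the original article; the task names, paths, trusted roots and three-day threshold are all constructed assumptions.

```python
import re
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Assumption: legitimately installed software lives under these roots.
TRUSTED_ROOTS = [PureWindowsPath(p) for p in (
    r"C:\Windows", r"C:\Program Files", r"C:\Program Files (x86)")]
MIN_DELAY = timedelta(days=3)  # assumed threshold, tune per environment
EXE_RE = re.compile(r"(.+?\.(?:exe|cmd|bat|ps1|vbs|js))(?=\s|$)", re.I)

def executable_of(command):
    """Extract the program path from a task action string."""
    command = command.strip()
    if command.startswith('"'):            # quoted path, may contain spaces
        return PureWindowsPath(command[1:].split('"', 1)[0])
    match = EXE_RE.match(command)          # unquoted path, may contain spaces
    return PureWindowsPath(match.group(1) if match else command.split(" ", 1)[0])

def outside_trusted_roots(exe):
    # PureWindowsPath compares case-insensitively, like the file system.
    return not any(root in exe.parents for root in TRUSTED_ROOTS)

def triage(tasks):
    """Return (name, delay_days) for tasks that show both traits."""
    findings = []
    for task in tasks:
        delay = task["first_run"] - task["registered"]
        if delay >= MIN_DELAY and outside_trusted_roots(executable_of(task["command"])):
            findings.append((task["name"], delay.days))
    return findings

def _t(day, hour=9):
    return datetime(2022, 8, day, hour)

# Constructed inventory for illustration; not indicators from the CPR report.
TASKS = [
    {"name": "VendorUpdater", "registered": _t(1), "first_run": _t(1, 10),
     "command": r'"C:\Program Files\Vendor\update.exe" /silent'},
    {"name": "TranslateHelper", "registered": _t(1), "first_run": _t(6),
     "command": r"C:\ProgramData\Helper\update.exe /s"},
    {"name": "UserSync", "registered": _t(2), "first_run": _t(2, 12),
     "command": r"C:\Users\alice\AppData\Local\Tool\sync.exe"},
    {"name": "DefragLater", "registered": _t(1), "first_run": _t(10),
     "command": r"C:\Windows\System32\defrag.exe -c"},
]

if __name__ == "__main__":
    for name, days in triage(TASKS):
        print(f"review task {name!r}: first run {days} days after registration")
```

A hit is a prompt for manual review, not a verdict: legitimate software also registers delayed tasks, which is why the check requires both traits together.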

Reportedly, machines across at least 11 nations have so far been compromised by the Nitrokod malware, which has been in circulation since 2019. CPR has also posted updates and alerts about the crypto-mining campaign on Twitter.

To recall, in a similar case earlier this year, Joker malware infected 50 apps on the Google Play Store, according to Zscaler ThreatLabz. The Joker, Facestealer, and Coper malware families were found to be spreading through apps, according to the Zscaler ThreatLabz team. The malicious apps were swiftly removed from the Google Play Store after the ThreatLabz team immediately alerted the Google Android Security team to these newly discovered dangers.

In addition to stealing the victim’s contacts, device data, and SMS messages, this virus aimed to sign the victim up for pricey wireless application protocol (WAP) services. The majority of the Joker-infected apps fell into the tools and communication category, which was one of the most targeted.
