Spoofed Google Translate App Sneakily Installs Monero Mining Malware on Over 1 Lakh PCs

This malware called the ‘Nitrokod’ has been created by a Turkey-related entity as a desktop application for Google Translate.

Spoofed Google Translate App Sneakily Installs Monero Mining Malware on Over 1 Lakh PCs

Photo Credit: Bloomberg

The Nitrokod malware has been in circulation since 2019

  • The malware installs Monero mining set-up
  • Monero uses PoW mining model
  • The controller of this campaign may get access to infected PCs

A crypto mining malware, disguised as a Google Translate app, has come to light recently for having forayed into thousands of computers. As per a study by Check Point Research (CPR), this malware called the ‘Nitrokod' has been created by a Turkey-related entity as a desktop application for Google Translate. Several people have ended up downloading this app on their PCs in the absence of Google's official desktop app for Translate services. This app, once installed, later establishes elaborate crypto mining operation set-up on the infected PCs.

Once the app is downloaded on a computer, the malware installation process is triggered via a scheduled task mechanism. Upon completion, this malware puts in place a sophisticated mining set-up for the Monero cryptocurrency, which is based on the energy-intensive proof-of-work (PoW) mining model.

This gives the controller of this campaign, hidden access to the infected computers to scam users and later damage the machines.

“After the malware is executed, it connects to its C&C server to get a configuration for the XMRig crypto miner and starts the mining activity. The software can be easily found through Google when users search ‘Google Translate Desktop download'. The applications are trojanised and contain a delayed mechanism to unleash a long multi-stage infection,” CPR said in its report.

As for now, PCs across at least eleven nations have been compromised via Nitrokod malware that has been in circulation since 2019.

CPR has posted updates and alerts about this crypto mining campaign on Twitter.

In recent times, the crypto sector has become a popular means for scamming among cyber criminals.

Scammers have been using the public trust on popular tech brands like LinkedIn, Twitter, and Google to fish out their victims and strike them.

Crypto scams via ‘unicode letters' as well as ‘honeypot accounts' have also increased in frequency in recent times, cyber researcher Serpent noted in his Twitter thread.

In the former, scammers replace URLs to legitimate sites with infected ones created by them. Characters in the infected URLs are made to look like the ones in the real links. Once the target enters the fake website and gives away their login information, their assets come closer to being under the control of the scammer, who eventually drains it off the wallet.

This week, we discuss Android 13 on Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.
Affiliate links may be automatically generated - see our ethics statement for details.

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Radhika Parashar
Radhika Parashar is a senior correspondent for Gadgets 360. She has been reporting on tech and telecom for the last three years now and will be focussing on writing about all things crypto. Besides this, she is a major sitcom nerd and often replies in Chandler Bing and Michael Scott references. For tips or queries you could reach out to her at RadhikaP@ndtv.com. More
Sony Xperia 5 IV With Snapdragon 8 Gen 1 SoC, Compact Design Launched: Price, Specifications
Apple, HTC, ZTE LTE-Capable Devices Didn’t Violate INVT’s Wireless Patents, US Appeals Court Says
Share on Facebook Tweet Snapchat Share Reddit Comment google-newsGoogle News


Follow Us


© Copyright Red Pixels Ventures Limited 2023. All rights reserved.