Crypto mining malware impersonates Google translate desktop, other legitimate apps

Check Point Research (CPR), an Israel-based cyber threat intelligence firm, has uncovered the identity of a malicious cryptocurrency mining malware campaign that infected thousands of machines in 11 countries. The campaign, attributed to a Turkish-speaking entity called Nitrokod, was described in a report released on Sunday.

Crypto miner malware, also known as a cryptojacker, is a type of malware that exploits the computing power of infected PCs to mine cryptocurrencies.

Nitrokod impersonates Google Translate Desktop and other free software on websites to launch cryptominer malware and infect computers. When an unsuspecting user searches for “Google Translate Desktop download,” a malicious link to the malware-infected software appears at the top of their Google search results.

Since 2019, the malware has operated with a multi-stage infection process, starting by delaying the infection until several weeks after the user downloads the software from the malicious link. It also removes traces of the original installation, which helps the malware avoid detection by antivirus programs.

“When a user launches the new software, it installs the actual Google Translate application,” CPR’s report states. Here the victim encounters a life-like program built on a Chromium-based framework. The program lures users through the Google Translate web page and tricks them into downloading a bogus application.

In the next stage, the malware schedules a task to clear logs and delete associated files and evidence. The next stage of the infection chain continues after 15 days. This multi-step approach helps the malware avoid detection in sandboxes set up by security researchers.

“Additionally, updated files are dropped. This results in a series of four droppers until the actual malware is dropped,” the CPR report added.

In other words, the malware, “powermanager.exe,” is secretly dropped on infected machines. It initiates a Monero (XMR) cryptomining operation, connecting to a command-and-control server that allows the cybercriminals to monetize users of the Google Translate desktop app.

Monero is the most popular cryptocurrency for cryptojackers and other illegal transactions, because it offers near anonymity to its owners.

Users can easily fall victim to crypto miner malware because it is dropped by software that appears high in Google search results for legitimate applications. If you suspect your PC is infected, the end of the CPR report explains how to recover an infected machine.
