Researchers at Check Point Research have warned that a version of Google Translate on desktop is being used in a crypto mining campaign to potentially infect thousands of machines worldwide. As per the report, the threat actor behind these attacks is a Turkish-speaking software developer called Nitrokod. The attacker is using the free versions of popular software that don’t have an official desktop version, like Google Translate, to ship trojans and malware to devices. The infected app will work as it is supposed to work so its malicious activity remains hidden from users also.
As per the report, this crypto miner malware campaign has infected machines across 11 countries. Check Point XDR first found out about the attack, says the report.
According to the report, the malware is available via websites like Softpedia and uptodown and can usually turn up at the top when anyone searches on Google for “Google Translate desktop download.”
“While the applications boast a “100 CLEAN” banners on some site, the applications are in fact Trojanized, and contain a delayed mechanism to unleash a long multi-stage infection that ends with a crypto mining malware”, said the report.
The cyber criminals are also trying to cover their tracks. The report added that after installing the software initially, the infection process was delayed by the attackers for weeks and the traces from the original installation deleted. This approach has helped them stay under the radar for years.
As per the report, this crypto miner malware campaign has infected machines across 11 countries. Check Point XDR first found out about the attack, says the report.
According to the report, the malware is available via websites like Softpedia and uptodown and can usually turn up at the top when anyone searches on Google for “Google Translate desktop download.”
“While the applications boast a “100 CLEAN” banners on some site, the applications are in fact Trojanized, and contain a delayed mechanism to unleash a long multi-stage infection that ends with a crypto mining malware”, said the report.
The cyber criminals are also trying to cover their tracks. The report added that after installing the software initially, the infection process was delayed by the attackers for weeks and the traces from the original installation deleted. This approach has helped them stay under the radar for years.
