Recently, crypto mining malware disguised as a Google Translate app has made its way onto thousands of computers. According to a study by Check Point Research (CPR), this malware, called "Nitrokod", was developed by a Turkey-based entity and distributed as a desktop application for Google Translate.
Because Google offers no official desktop app for its Translate service, many Google users have downloaded this app onto their PCs. Once downloaded, it sets up an elaborate crypto mining operation on the infected device.
After the malicious app is downloaded, the malware installation process is triggered via a scheduled task mechanism. The malware then puts in place a sophisticated mining setup for the Monero cryptocurrency, which is based on the energy-intensive proof-of-work mining model. As a consequence, it gives the controller of this campaign hidden access to the infected computers to scam users and later damage the systems.
The CPR report claims, “After the malware is executed, it connects to its C&C server to get a configuration for the XMRig crypto miner and starts the mining activity. The software can be easily found through Google when users search ‘Google Translate Desktop download’. The applications are trojanised and contain a delayed mechanism to unleash a long multi-stage infection.”
Reportedly, machines across at least 11 nations have so far been compromised by the Nitrokod malware, which has been in circulation since 2019. CPR has also posted updates and alerts about the crypto mining campaign on Twitter.
To recall, in a similar case earlier this year, Joker malware infected 50 apps on the Google Play Store, according to Zscaler ThreatLabz. The ThreatLabz team found the Joker, Facestealer, and Coper malware families spreading through apps and immediately alerted the Google Android Security team to these newly discovered dangers, after which the malicious apps were swiftly removed from the Google Play Store.
In addition to stealing the victim's contacts, device data, and SMS messages, the Joker malware aimed to sign the victim up for pricey wireless application protocol (WAP) services. The majority of the Joker-infected apps fell into the category of tools and communication, which was one of the most targeted.