Fake desktop applications imitating well-known services, such as Google Translate, set up Monero mining on users’ machines in 11 countries
Thousands of computers around the world were infected with malware that used them for hidden mining, reported the cybersecurity company Check Point Research (CPR), which discovered the problem. The program, from Turkish developers Nitrokod, was freely distributed through popular software libraries such as Softpedia and Uptodown, and search engines returned links to it when users tried to find and download a desktop version of the Google Translate service.
The application contains a mechanism that launches a long-term, phased infection, which eventually sets up hidden mining of the Monero cryptocurrency (XMR) after a few weeks.
This allows the malware to remain undetected for a long time.
Because the real Google Translate service has no desktop version, malware masquerading as one has been in demand. According to researchers, Nitrokod infected users’ computers in 11 countries around the world.
At the end of August, the KuCoin crypto exchange warned about the threat of losing funds due to a new fraud scheme using malware. The platform's security service discovered a Chrome browser extension called “Google Sheets” that masquerades as the Google service of the same name.