This fake “Google” app infects PCs with cryptomining software to make money – Okibata

Do you have Google Translate on your desktop? Be careful! The search engine giant has never released a desktop version of its ultra-popular language tool, so chances are your PC has malware masquerading as a legitimate app.

A cybercriminal campaign dubbed Nitrokod is disguising cryptocurrency mining software as a desktop version of Google Translate (along with other seemingly legitimate apps) to steal money from unsuspecting victims, according to a new report from Check Point Research (CPR).

This Google app might not be what you imagined it to be

When users search for “Download Google Translate Desktop”, a malicious link to malware-infected software appears at the top of Google search results (I checked it myself and it’s still there).

Fake Google Translate desktop app (Image credit: Check Point Research)

After victims unknowingly download the fake, malicious Google Translate app, something interesting happens: the infection process doesn’t start right away. Instead, the cybercriminals delay it, insidiously infecting users’ computers weeks later. They also remove traces of the original installation.

“Once the user launches the new software, the actual Google Translate app is installed,” the CPR report says. In other words, to make matters worse, the malicious developer of the fake Google Translate desktop app has created a realistic program, using a Chromium-based framework that turns the Google Translate web page into a working desktop application.

“In addition, an updated file is dropped, which launches a series of four droppers until the actual malware is removed,” the CPR report says.

Once the malware finally “appears”, it connects to the command and control server, which initiates unauthorized cryptocurrency mining activities, allowing cybercriminals to secretly make money from unsuspecting users.

The cybercriminals probably aren’t mining anything as demanding or resource-hungry as Bitcoin or Ethereum, but they can mine Dogecoin or Shiba Inu for free. If they exploit enough victims, they can make a significant profit.

Fake Cryptocurrency Mining Apps

(Image credit: Check Point Research)

Check Point Research suspects that Nitrokod has infected thousands of computers worldwide in 11 countries. Keep in mind that the fake Google Translate desktop app isn’t the only bait these crypto-focused cybercriminals use to lure victims. They also offer “YouTube Music Desktop”, “Microsoft Translator Desktop” and other dubious applications.

It’s easy to fall victim to this attack, especially given its high visibility in Google searches. CPR reminds users to download software only from known and authorized vendors. If you suspect that your computer has been compromised by Nitrokod, you will find a remediation section at the end of the CPR report that explains how to clean up an infected machine.
