112,000 computer users had been unknowingly mining cryptocurrency for a long time. Malware masquerading as Google Translate, signed by Nitrokod, is behind the hack. Fortunately, Check Point Software discovered and exposed the malware.
More than 100,000 duped users
For a long time, the malware, presented as Google Translate and created by the entity Nitrokod, went unnoticed. It became public only when the cybersecurity firm Check Point Software Technologies announced it last Monday.
“@_CPResearch_ has detected a #cryptominer #malware campaign, which may have infected thousands of machines worldwide. The attack, dubbed “Nitrokod”, was initially discovered by Check Point XDR.”
Software developed by Nitrokod INC has infected more than 112,000 computers to date. In addition to infecting computers, the software was used to mine Monero cryptocurrency.
People don’t suspect anything when they download supposedly safe and free software from sites like Uptodown and Softpedia. Many people have been fooled by this fake version of Google Translate that can be found on Softpedia. This version of Google Translate has an average rating of 9.3 out of 10 on Softpedia.
By releasing desktop versions of popular applications such as Google Translate and YouTube Music Desktop, the Nitrokod team demonstrates its incredible skill at manipulating people.
Check Point Research (CPR) claims that Nitrokod wrote the code for this crypto mining campaign. The campaign, which started in 2019, infected thousands of computers in 11 countries, including the UK, Germany, the US, Israel, Poland and Australia. As a software developer, Nitrokod acts as follows:
- It changes the free official desktop version of popular software;
- It easily develops programs based on the official Chromium webpage;
- It separates malicious activity from the Nitrokod programs to avoid suspicion;
- It makes sure users can install the Google Translate app without asking any questions;
- It installs update files to integrate the real malware smoothly;
- It connects the malware to the C&C server to get the configuration of the XMRig cryptominer;
- The crypto mining then starts automatically.
Malware that is difficult to detect
Maya Horowitz, chief of research at Check Point Software Technologies, said detecting the malware was very difficult.
“Watch out for similar domains, misspellings on websites, and unknown email senders. Only download software from well-known, authorized publishers or suppliers and ensure a high level of security for complete protection.”
Despite being hugely popular, this malware went largely unnoticed for a long time. The fake software tricked many users into thinking they were using the official version.
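One way to catch this kind of masquerade is to compare the product name an installer claims with the organisation that signed it. The following is an added example, not code from Check Point or from this article; the brand-to-signer table, the function names and the sample records are assumptions constructed for illustration, and the signer subject strings are assumed to come from an existing software inventory.

```python
import re

# Assumption: brand keyword -> normalised organisation names accepted as signer.
EXPECTED_SIGNERS = {
    "google translate": {"google"},
    "youtube music": {"google"},
}

# Corporate suffixes dropped before comparing organisation names.
_SUFFIXES = re.compile(r"\b(inc|llc|ltd|corp|corporation|gmbh)\b\.?", re.I)

def signer_org(subject):
    """Return the normalised O= (or CN=) value of a certificate subject string."""
    if not subject:
        return None
    fields = dict(
        (k.strip().upper(), v.strip().strip('"'))
        for k, v in re.findall(r'([A-Za-z]+)=("[^"]*"|[^,]*)', subject)
    )
    name = fields.get("O") or fields.get("CN")
    if not name:
        return None
    name = _SUFFIXES.sub("", name)
    return re.sub(r"[^a-z0-9]+", " ", name.lower()).strip()

def check(product_name, subject):
    """Classify one installer: ok, unsigned, impersonation or unknown-brand."""
    product = product_name.lower()
    for brand, orgs in EXPECTED_SIGNERS.items():
        if brand in product:
            org = signer_org(subject)
            if org is None:
                return "unsigned"
            # Exact match only, so look-alike names such as "Goog1e" are flagged.
            return "ok" if org in orgs else "impersonation"
    return "unknown-brand"

# Constructed sample inventory (product name, signer subject); not real telemetry.
SAMPLES = [
    ("Google Translate Desktop", "CN=Nitrokod INC, O=Nitrokod INC"),
    ("Google Translate Desktop", 'CN=Google LLC, O="Google LLC", C=US'),
    ("YouTube Music Desktop", None),
    ("Some Editor", "CN=Example Soft, O=Example Soft"),
]

def scan(samples=SAMPLES):
    return [(name, check(name, subj)) for name, subj in samples]

if __name__ == "__main__":
    for name, verdict in scan():
        print(f"{verdict:14} {name}")
```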
Cryptocurrencies have led to the rise of many forms of cybercrime around the world. One example is this fake app posing as the Google Translate app for Google Play. Once installed on a computer, it uses system resources and electricity to mine cryptocurrency, which raises users' electricity bills.
AVG classifies this fraud as a form of cryptojacking. Since cryptojacking only mines cryptocurrencies that make money, this software does not affect any personal data. However, hackers may change their methods to affect data in the future.