A security research team has warned users that fake desktop versions of popular apps such as Google Translate, YouTube Music, and Microsoft Translate are spreading Monero mining malware.
A terrifying malware campaign is reportedly active and targeting users through fake apps that imitate popular Google apps. The malware has infected thousands of computers globally, as reported by Check Point Research (CPR), the research team of American-Israeli cybersecurity provider Check Point Software Technologies. The research team detected the Monero mining malware, dubbed “Nitrokod”, which has infected computers across 11 countries since 2019. In a report, the research team shared that the malware spreads through fake desktop versions of popular applications like Google Translate, YouTube Music, and Microsoft Translate. These fake apps can be downloaded from dozens of free software download websites, like Softpedia and Uptodown.
The research team conducted its study on the fake Google Translate desktop app. The research team is quoted as saying, “Most of the programs Nitrokod offers are popular software that do not have an official desktop version. For example, the most popular Nitrokod program is the Google Translate desktop application. Google has not released an official desktop version, making the attackers’ version very appealing.”
The study further notes that the malware campaign went undetected until now because of the way it operates. Instead of starting an attack immediately after the initial software download, the malware uses a scheduled task mechanism to carry out its installation over several days and then deletes the traces of that installation.
Shockingly, the hackers create the fake apps from the official web pages of the original services by using a Chromium-based framework, which allows them to spread functional programs.
According to Check Point, nearly one hundred thousand victims across Israel, Germany, the United Kingdom, the United States, Sri Lanka, Cyprus, Australia, Greece, Turkey, Mongolia, and Poland have been infected, with their CPUs used to mine Monero (XMR).