In a major cybersecurity breach discovered recently, hackers have used a fake Google Translate app since 2019 to illegally mine cryptocurrencies without the user’s permission, infecting thousands of Windows PCs with malware.
This crypto jacking malware is developed by the Turkish company Nitrokod. The malware uses the graphics processing unit (GPU) of the host to mine cryptocurrency without users’ permission. According to a report by cyber security research firm Check Point Research, it is believed to have infected thousands of Windows computers across the world. This process uses significant amounts of energy to mine cryptocurrencies illegally without the user’s permission.
“The malware is dropped from applications that are popular, but don’t have an actual desktop version, such as Google Translate, keeping the malware versions in demand and exclusive,” Check Point malware analyst Moshe Marelus wrote in a report on Monday.
Victims mainly came from the United Kingdom, the United States, Sri Lanka, Greece, Israel, Germany, Turkey, Cyprus, Australia, Mongolia and Poland.
As per the report, the Trojan horse campaign involved spreading malware using free programs available on well-known websites like Softpedia and UptoDown.
“Using an interesting strategy, the malware delays execution for weeks while keeping its dangerous behaviour distinct from the downloaded false software. With the help of download websites like Softpedia, Nitrokod has been effective in getting its infected code out there,” the report said.
According to Softpedia, the Nitrocode Google Translator program has been downloaded more than 112,000 times since December 2019.
In addition to Google Translate, Nitrokod also uses MP3 downloading apps and other translation software, such as Microsoft Translator Desktop. On certain websites, rogue software will exclaim that they are 100 per cent clean, while in reality, they contain mining malware.