The malware, called Nitrokod, was created by a Turkish-speaking individual or group and infected users in 11 countries.
Thousands of users around the world may have fallen victim to cryptomining malware posing as a Google Translate app. A new report from Check Point Research found that users who downloaded a fake desktop version of Google Translate were also downloading cryptomining malware.
In addition to being shipped with the fake desktop version of Google Translate, the miner was also secretly bundled with other third-party software, such as desktop versions of the YouTube Music app.
The software can be downloaded through popular websites like Softpedia and Uptodown. The people behind the malware used the Chromium Embedded Framework project to turn web pages directly into desktop applications. While Nitrokod's developer claimed its software was completely free of bloatware and malware, the software was a Trojan horse that then downloaded the malware in 7 different stages.
The Trojan, named after the horse of Greek myth, even deleted the original installation files, and it installed the malware only a month after the initial installation of the third-party program.
The malware managed to infect more than 100,000 devices in Israel, Germany, the United Kingdom, the United States, Sri Lanka, Cyprus, Australia, Greece, Turkey, Mongolia, and Poland.
Once the cryptominer was covertly installed, it would continue to mine the Monero cryptocurrency, with the profits diverted to the malware developer. This type of malware is also known as a cryptojacker. Check Point Research had previously found this type of malware to be the sixth most popular worldwide at the time.
What can be done to avoid being a victim of this malware? “Beware of similar domains, misspellings on websites, and unknown email senders. Only download software from known and authorized publishers or vendors, and ensure your endpoint security is up to date and provides comprehensive protection,” said Maya Horowitz, vice president of research at Check Point Software.
(Edited by : sudarsanan mani)