A security research team has warned users about fake versions of popular Google apps like Google Translate, YouTube Music, and Microsoft Translate that are spreading Monero mining malware.
A horror malware The campaign is said to be active and is targeting users through fake apps that mimic popular Google apps. Malware has infected thousands of computers globally as reported by Test marks Research (CPR), US-Israeli research group network security Check Point Software Technology provider. The team discovered Monero mining malware called “Nitrokod” that has infected computers across 11 countries since 2019. In one report, the team shared that the malware attacks through apps that masquerade as desktop versions of popular Google apps like Google Translate, YouTube Music, and Microsoft Translate. These fake apps can be downloaded from dozens of free software download sites, like Softpedia and Uptodown.
The team conducted their research on the desktop Google Translator app. The team is quoted as saying, “Most of the programs that Nitrokod offers are popular software with no official desktop versions. For example, the most popular Nitrokod program is Google translator Desktop application. Google hasn’t released an official desktop version, which makes the attackers’ version very appealing.”
The study further notes that the malware campaign has remained undetected so far due to the way it works. Malware, instead of initiating an attack immediately after the initial software download, follows a scheduled task mechanism to perform malware installations within days and remove traces of its installation. it.
Incredibly, hackers create fakes application from the official sites of origin using a Chromium-based framework that allows them to propagate functional programs.
According to Check Point, nearly one hundred thousand victims across Israel, Germany, United Kingdom, United States, Sri Lanka, Cyprus, Australia, Greece, Turkey, Mongolia, and Poland have been infected while mining Monero. (XMR) with their CPU. .