Tuesday, May 6, 2025
HomeCyber Security NewsNew Malware Campaign Disguised as Google Translate Distribute Cryptocurrency Miner

New Malware Campaign Disguised as Google Translate Distribute Cryptocurrency Miner

Published on

SIEM as a Service

Follow Us on Google News

Cryptocurrency mining malware has been found recently in an ongoing campaign in 11 countries disguised as Google Translate and MP3 downloaders.

In order to distribute fake applications, legitimate sites which offer free software are distributing them to their users. In addition to this, it also exposes users of search engines to malicious applications through regular visits to these sites.

Detection of this malware has been carried out by Check Point security analysts. Nitrokod is the developer of the malware, which is presented to the user as being free of malware and providing the functionality that is advertised.

- Advertisement - Google News

Infection Chain

Most Nitrokod campaigns follow similar infection chains, starting with an infected file downloaded from the Internet, followed by the installation of a file that has been infected.

The Google Translate application is actually installed once the user launches the new software and the installation process is complete. 

A newer version of the file will then be dropped and this will start a series of four droppers that will eventually bring the actual malware to the computer.

Initially, when the malware is executed, it will connect to its command and control (C&C) server, which will configure the XMRig crypto miner to start mining as soon as the malware is activated.

In terms of search results, Nitrokod ranks highly in Google, so the website serves as a perfect catch for users who are looking for a certain service.

Here’s what the experts at Check Point stated:-

“To evade detection, during the installation of the malicious components of the malware, the software purposely delays the process for up to a month in order.”

There were over 112,190 downloads of Nitrokod’s Applet for Google Translate on Softpedia after the applet was posted there.

There is a dropper that is activated by the software so as to prevent raising suspicions and thwart sandbox analysis. During the fifth day of the infection, another encrypted RAR file was forwarded by Wget containing a dropper that was loaded from that file.

After a period of 15 days, the software will end up fetching the next encrypted RAR from the following web portal, using PowerShell commands:-

  • intelserviceupdate[.]com

Recommendation

The risk of crypto-mining malware can be quite high, since it can cause hardware stress and overheat, as a result of which it can damage the hardware. 

It also affects your computer’s performance by using additional CPU resources, which in turn results in a slower computer.

While to mitigate such a situation or threat you should follow the recommendations that we have mentioned below:-

  • Always avoid downloading apps from unknown sources.
  • Do not download any apps that promise unofficial functionalities.
  • Always verify the developer profile before downloading an app.
  • Avoid clicking spammy links to download any app.

Secure Azure AD Conditional Access – Download Free E-Book

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

BFDOOR Malware Targets Organizations to Establish Long-Term Persistence

The BPFDoor malware has emerged as a significant threat targeting domestic and international organizations,...

Uncovering the Security Risks of Data Exposure in AI-Powered Tools like Snowflake’s CORTEX

As artificial intelligence continues to reshape the technological landscape, tools like Snowflake’s CORTEX Search...

UNC3944 Hackers Shift from SIM Swapping to Ransomware and Data Extortion

UNC3944, a financially-motivated threat actor also linked to the group known as Scattered Spider,...

Over 2,800 Hacked Websites Targeting MacOS Users with AMOS Stealer Malware

Cybersecurity researcher has uncovered a massive malware campaign targeting MacOS users through approximately 2,800...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

BFDOOR Malware Targets Organizations to Establish Long-Term Persistence

The BPFDoor malware has emerged as a significant threat targeting domestic and international organizations,...

Uncovering the Security Risks of Data Exposure in AI-Powered Tools like Snowflake’s CORTEX

As artificial intelligence continues to reshape the technological landscape, tools like Snowflake’s CORTEX Search...

UNC3944 Hackers Shift from SIM Swapping to Ransomware and Data Extortion

UNC3944, a financially-motivated threat actor also linked to the group known as Scattered Spider,...