Saturday, April 13, 2024

New Malware Campaign Disguised as Google Translate Distribute Cryptocurrency Miner

Cryptocurrency mining malware has been found recently in an ongoing campaign in 11 countries disguised as Google Translate and MP3 downloaders.

In order to distribute fake applications, legitimate sites which offer free software are distributing them to their users. In addition to this, it also exposes users of search engines to malicious applications through regular visits to these sites.

Detection of this malware has been carried out by Check Point security analysts. Nitrokod is the developer of the malware, which is presented to the user as being free of malware and providing the functionality that is advertised.

Infection Chain

Most Nitrokod campaigns follow similar infection chains, starting with an infected file downloaded from the Internet, followed by the installation of a file that has been infected.

The Google Translate application is actually installed once the user launches the new software and the installation process is complete. 

A newer version of the file will then be dropped and this will start a series of four droppers that will eventually bring the actual malware to the computer.

Initially, when the malware is executed, it will connect to its command and control (C&C) server, which will configure the XMRig crypto miner to start mining as soon as the malware is activated.

In terms of search results, Nitrokod ranks highly in Google, so the website serves as a perfect catch for users who are looking for a certain service.

Here’s what the experts at Check Point stated:-

“To evade detection, during the installation of the malicious components of the malware, the software purposely delays the process for up to a month in order.”

There were over 112,190 downloads of Nitrokod’s Applet for Google Translate on Softpedia after the applet was posted there.

There is a dropper that is activated by the software so as to prevent raising suspicions and thwart sandbox analysis. During the fifth day of the infection, another encrypted RAR file was forwarded by Wget containing a dropper that was loaded from that file.

After a period of 15 days, the software will end up fetching the next encrypted RAR from the following web portal, using PowerShell commands:-

  • intelserviceupdate[.]com


The risk of crypto-mining malware can be quite high, since it can cause hardware stress and overheat, as a result of which it can damage the hardware. 

It also affects your computer’s performance by using additional CPU resources, which in turn results in a slower computer.

While to mitigate such a situation or threat you should follow the recommendations that we have mentioned below:-

  • Always avoid downloading apps from unknown sources.
  • Do not download any apps that promise unofficial functionalities.
  • Always verify the developer profile before downloading an app.
  • Avoid clicking spammy links to download any app.

Secure Azure AD Conditional Access – Download Free E-Book


Latest articles

Alert! Palo Alto RCE Zero-day Vulnerability Actively Exploited in the Wild

In a recent security bulletin, Palo Alto Networks disclosed a critical vulnerability in its...

6-year-old Lighttpd Flaw Impacts Intel And Lenovo Servers

The software supply chain is filled with various challenges, such as untracked security vulnerabilities...

Hackers Employ Deepfake Technology To Impersonate as LastPass CEO

A LastPass employee recently became the target of an attempted fraud involving sophisticated audio...

Sisence Data Breach, CISA Urges To Reset Login Credentials

In response to a recent data breach at Sisense, a provider of data analytics...

DuckDuckGo Launches Privacy Pro: 3-in-1 service With VPN

DuckDuckGo has launched Privacy Pro, a new subscription service that promises to enhance user...

Cyber Attack Surge by 28%:Education Sector at High Risk

In Q1 2024, Check Point Research (CPR) witnessed a notable increase in the average...

Midnight Blizzard’s Microsoft Corporate Email Hack Threatens Federal Agencies: CISA Warns

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive concerning a...
Guru baran
Guru baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Top 3 SME Attack Vectors

Securing the Top 3 SME Attack Vectors

Cybercriminals are laying siege to small-to-medium enterprises (SMEs) across sectors. 73% of SMEs know they were breached in 2023. The real rate could be closer to 100%.

  • Stolen credentials
  • Phishing
  • Exploitation of vulnerabilities

Related Articles