Do you have Google Translate on your desktop? Be careful! The search engine giant has never released a desktop version of its ultra-popular language tool, so there’s a good chance you have malware masquerading as a legitimate app on your PC.
According to a new report from Check Point Research (CPR), a cybercriminal campaign, dubbed Nitrokod, is disguising crypto-mining software as the desktop version of Google Translate (along with other legitimate-sounding apps) to secretly make money from unsuspecting victims.
This Google app might not be what you thought it was
When users search for “Download Google Translate Desktop”, the malicious link to the malware-infected software appears at the top of Google search results (I checked it myself and it is still there).
After victims unknowingly download the bogus Google Translate app, something interesting happens: the infection doesn’t start right away. Instead, the cybercriminals delay it, infecting users’ PCs only after a period of weeks. They also remove traces of the original installation.
“Once the user launches the new software, a real Google Translate app is installed,” the CPR report said. To make matters worse, the malicious developer of the Google Translate desktop application has created a realistic program using a Chromium-based framework that turns the Google Translate web page into a working desktop program.
“Additionally, an updated file is dropped, which starts a series of four droppers until the real malware is removed,” the CPR report added.
Once the malware “finally emerges”, it connects to a command-and-control server that initiates unauthorized crypto-mining activity, allowing the cybercriminals to surreptitiously earn money from users who have no reason to distrust the Google Translate desktop app.
The cybercriminals probably aren’t mining anything demanding or power-hungry like Bitcoin or Ethereum, but they could mine Dogecoin or earn Shiba Inu for free. If they drain enough victims, they could make significant profits.
Check Point Research suspects that Nitrokod has infected thousands of machines across 11 countries. Keep in mind that the fake Google Translate desktop app is not the only bait these crypto-focused cybercriminals use to lure victims. They also offer “YouTube Music Desktop”, “Microsoft Translator Desktop” and other dubious applications.
It is easy to fall victim to this attack, especially considering its high visibility on Google search. CPR reminds users to only download software from known and authorized publishers and suppliers. If you suspect your PC has been hacked by Nitrokod, you will find a remediation section at the end of the CPR report that explains how to clean an infected machine.