Fake Google Translate Malware Infects 100K PCs With Monero (XMR) Crypto Mining Software

A Turkish-based cryptocurrency malware called ‘Nitrokod’ has infected over 100,000 personal computers across 11 countries.

What Happened: A new report from cybersecurity firm Check Point Research found that a malware application disguised as popular desktop applications has been making its way across the globe, largely undetected since 2019.

.@_CPResearch_ detected a #crypto miner #malware campaign, which potentially infected thousands of machines worldwide. Dubbed ‘Nitrokod,” the attack was initially found by Check Point XDR. Get the details, here: https://t.co/MeaLP3nh97 #cryptocurrecy #TechnologyNews #CyberSec pic.twitter.com/ANoeI7FZ1O

— Check Point Software (@CheckPointSW) August 29, 2022

The application portrays itself as legitimate software like Alphabet Inc’s GOOGL GOOG Google Translate and YouTube Music or Microsoft Corporation’s MSFT Microsoft Translate.

After being installed on a user’s desktop, the trojanized malware unleashes a multi-stage infection that ends with crypto mining malware. To avoid detection, the malware is first executed only a month after Nitrokod is first installed, found the security researchers.

“The infection chain continued after a long delay using a scheduled task mechanism, giving the attackers time to clear the evidence,” said Check Point Research.

The cryptocurrency miner is installed on personal devices in stage 6 of the infection process. The miner installed corresponds to the privacy coin Monero XMR/USD.

Unlike Bitcoin BTC/USD and Ethereum ETH/USD, Monero uses cryptography to shield the sender’s and receiver’s addresses and the amount transacted.

See Also: IS MONERO SAFE?

Price Action: At press time, XMR was trading at $150, up 0.27% over the last 24 hours, as per data from Benzinga Pro. Meanwhile, BTC was trading at $20,082, up 1.2% in 24 hours and ETH was trading at $1,557, up 1.8% over the same period.