Do you have Google Translate on your desktop? Watch out! The search engine giant has never released a desktop version of its extremely popular language tool, so chances are you have malware masquerading as a legitimate app on your PC.
According to a new report from Check Point Research (CPR), a cybercriminal campaign called Nitrokod is disguising crypto mining software as a desktop version of Google Translate (as well as other legitimate-sounding apps) to secretly monetize unsuspecting victims.
That Google app may not be what you thought it was
When users search for “Google Translate Desktop download”, the malicious link to the malware-infected software appears at the top of Google’s search results (I checked it myself and it’s still there).
After victims unknowingly download the malicious fake Google Translate app, something interesting happens: the infection process doesn’t take place right away. Instead, the cybercriminals delay it and infect users’ PCs only after a period of weeks. They also remove traces of the original installation.
“Once the user launches the new software, an actual Google Translate application is installed,” the CPR report said. In other words, to make matters worse, the malicious developer of the Google Translate desktop app has built a realistic-looking program using a Chromium-based framework that wraps the Google Translate webpage in a functional desktop application.
“In addition, an updated file is dropped, which starts a series of four droppers until the factual malware has been removed,” the CPR report added.
Once the malware finally runs, it connects to a command-and-control (C2) server that initiates unauthorized crypto mining activity, allowing the cybercriminals to stealthily monetize unsuspecting users of the fake Google Translate desktop app.
The cybercriminals probably don’t mine anything demanding or energy-intensive like Bitcoin or Ethereum, but they can mine Dogecoin or earn free Shiba Inu. If they infect enough victims, they can make significant profits.
Check Point Research suspects Nitrokod has infected thousands of machines in 11 countries worldwide. Keep in mind that the fake desktop Google Translate app isn’t the only bait that crypto-mining cybercriminals use to lure victims into their lair. They also offer “YouTube Music Desktop”, “Microsoft Translator Desktop” and other questionable apps.
It’s easy to fall victim to this attack, especially given its high visibility on Google Search. CPR reminds users to download software only from authorized, reputable publishers and suppliers. If you suspect that your PC has been hijacked by Nitrokod, you will find a recovery section at the end of the CPR report that explains how to clean up an infected machine.