That ‘clean’ Google Translate app is actually Windows crypto-mining malware

Watch out: someone is spreading cryptocurrency-mining malware disguised as legitimate-looking applications, such as Google Translate, on free software download sites and through Google searches.

The cryptomining Trojan, known as Nitrokod, is typically disguised as a clean Windows app and works as the user expects for days or weeks before its hidden Monero-crafting code is executed.

It’s said that the Turkish-speaking group behind Nitrokod – which has been active since 2019 and was detected by Check Point Research threat hunters at the end of July – may already have infected thousands of systems in 11 countries. What’s interesting is that the apps provide a desktop version to services generally only found online.

Read more…
Source: The Register