There’s a new malware campaign being outlined by researchers that come disguised as Google Translate.
It’s been noticed how the malware has already caused damage in 11 different countries after being found guilty of providing cryptocurrency mining malware.
Interestingly, these fake apps are being passed on via legitimate software pages. And that’s what is giving them so much exposure to such malicious attempts. Hence, both users and leading search engines are getting affected the most.
The reports came to us thanks to Check Point who says the malware has come about due to the efforts of a developer dubbed Nitrokod. The software in question carries out its effects by delaying the installation of various malware components to as much as one month to prevent detection.
And to make matters worse, Nitrokod’s offerings are being seen topping Google’s search rankings. Hence, you can see how the webpage behaves as the ultimate trap for users when they’re on the search for a particular utility.
Around 112,000 downloads for Nitrokod’s Google Translate were seen come into action by being uploaded via Softpedia. Hence, no matter which program gets installed through Nitrokod, users receive password-protected RAR that eliminates AV detection.
Execution is carried out through the app’s name and when the file is run, software gets installed on the system, along with registry keys.
To help evade its detection, the software then makes use of a dropper through another RAR file after the infection has taken center stage.
After that, the software is able to clear the whole system using commands via PowerShell. After nearly two weeks, it takes on another encrypted RAR. Dropper after dropper come into play until finally, the file encasing the mining malware is added.
So, how can users stay safe is the question on so many people’s minds. Before we get into that, let’s see the risks it possess.
Well, it has the capability to damage hardware by overheating and stressing your device, including the CPU. In addition to that, these malware droppers have the capability of swapping the last payload with something more dangerous.
Hence, to better protect yourself from the threat, it’s advised to avoid loading applications that make false promises of features that have never been outlined by developers. This includes a desktop version of the tool called Google Translate.
Read next: What Influences Search Engines To Index Content? Google Shares Its Valuable Insights
It’s been noticed how the malware has already caused damage in 11 different countries after being found guilty of providing cryptocurrency mining malware.
Interestingly, these fake apps are being passed on via legitimate software pages. And that’s what is giving them so much exposure to such malicious attempts. Hence, both users and leading search engines are getting affected the most.
The reports came to us thanks to Check Point who says the malware has come about due to the efforts of a developer dubbed Nitrokod. The software in question carries out its effects by delaying the installation of various malware components to as much as one month to prevent detection.
And to make matters worse, Nitrokod’s offerings are being seen topping Google’s search rankings. Hence, you can see how the webpage behaves as the ultimate trap for users when they’re on the search for a particular utility.
Around 112,000 downloads for Nitrokod’s Google Translate were seen come into action by being uploaded via Softpedia. Hence, no matter which program gets installed through Nitrokod, users receive password-protected RAR that eliminates AV detection.
Execution is carried out through the app’s name and when the file is run, software gets installed on the system, along with registry keys.
To help evade its detection, the software then makes use of a dropper through another RAR file after the infection has taken center stage.
After that, the software is able to clear the whole system using commands via PowerShell. After nearly two weeks, it takes on another encrypted RAR. Dropper after dropper come into play until finally, the file encasing the mining malware is added.
So, how can users stay safe is the question on so many people’s minds. Before we get into that, let’s see the risks it possess.
Well, it has the capability to damage hardware by overheating and stressing your device, including the CPU. In addition to that, these malware droppers have the capability of swapping the last payload with something more dangerous.
Hence, to better protect yourself from the threat, it’s advised to avoid loading applications that make false promises of features that have never been outlined by developers. This includes a desktop version of the tool called Google Translate.
Read next: What Influences Search Engines To Index Content? Google Shares Its Valuable Insights
