Sneaky fake Google Translate app installs crypto miner on 112,000 PCs

cointelegraph.com:

Crypto mining malware has been sneakily invading hundreds of thousands of computers around the world since 2019, often masquerading as legitimate programs, such as Google Translate, new research has found. 

In an Aug. 29 report by Check Point Research (CPR), a research team for American-Israeli cybersecurity provider, Check Point Software Technologies, the malware has been flying under the radar for years, thanks partly to its insidious design which delays instaling the crypto mining malware for weeks after the initial software download.

.@_CPResearch_ detected a #crypto miner #malware campaign, which potentially infected thousands of machines worldwide. Dubbed ‘Nitrokod,” the attack was initially found by Check Point XDR. Get the details, here: https://t.co/MeaLP3nh97 #cryptocurrecy #TechnologyNews #CyberSec pic.twitter.com/ANoeI7FZ1O

Linked to a Turkish-based-speaking software developer claiming to offer "free and safe software," the malware program invades PCs through counterfeit desktop versions of popular apps such as YouTube Music, Google Translate and Microsoft Translate.

Once a scheduled task mechanism triggers the malware installation process, it steadily goes through several steps over several days, ending with a stealth Monero (XMR) crypto mining operation being set up.

The cybersecurity firm said that the Turkish-based crypto miner dubbed ‘Nitrokod’ has infected machines across 11 countries.

According to CPR, popular software downloading sites like Softpedia and Uptodown had forgeries available under the publisher name "Nitrokod INC". 

Some of the programs had been downloaded hundreds of thousands of times, such as the fake desktop version of Google Translate on Softpedia, which even had nearly a thousand