Google Translate desktop app includes malware
Google Translate, the most-used translation service in the world, is available as a web version and a mobile app, but Google does not offer a desktop client. Malware developers took advantage of this gap to release a Google Translate desktop version that contains a hidden mining program, which uses the user’s system resources to mine cryptocurrency.
This developer is from Turkey. Like some other malware developers, he signs the software with his own company’s digital signature to improve its credibility. The malware developer, named Nitrokod, has released counterfeit software including Google/Microsoft/Yandex translators, YouTube video downloaders, and more.
None of these services has an official desktop client, so the developer’s counterfeit software ranks very high in Google searches. Users who search for a desktop version can easily fall into the trap of downloading and installing these counterfeit versions. After installation, the mining software is installed automatically, and the user’s computer is used to mine Monero.
To avoid being discovered by security software or users, the software does not start mining immediately after installation; instead, mining starts automatically a few days later.
“At this point, all related files and evidence are deleted and the next stage of the infection chain will continue after 15 days by the Windows utility schtasks.exe,” Marelus wrote. “This way, the first stages of the campaign are separated from the ones that follow, making it very hard to trace the source of the infection chain and block the initial infected applications.”
One stage also checks for known virtual-machine processes and security products, which might indicate the software is being analyzed by researchers. If one is found, the program will exit. If the program continues, it will add a firewall rule to allow incoming network connections.
Therefore, if users have installed any of this malware, it is recommended to uninstall it immediately and scan the computer with antivirus software to avoid the security problems it causes.
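The two behaviours described above, a scheduled task whose first run is set well after its creation and a new firewall rule allowing incoming connections, can be looked for in process-creation logs. The following is an added example, not code from the original article or from the researchers: the log lines, task names, paths and the 7-day threshold are constructed assumptions, and the date parsing assumes the en-US mm/dd/yyyy format for the schtasks /SD option.

```python
import re
from datetime import datetime

# Constructed process-creation events (timestamp, command line); not from the campaign.
SAMPLE_EVENTS = [
    ("2022-08-01T10:15:00", r'schtasks.exe /Create /TN "UpdaterSvc" /TR "C:\ProgramData\upd\u.exe" /SC ONCE /SD 08/16/2022 /ST 10:00'),
    ("2022-08-01T10:16:00", r'schtasks.exe /Create /TN "Backup" /TR "C:\Tools\backup.cmd" /SC DAILY /ST 02:00'),
    ("2022-08-16T10:01:00", r'netsh advfirewall firewall add rule name="upd" dir=in action=allow program="C:\ProgramData\upd\u.exe"'),
    ("2022-08-16T10:02:00", r'netsh advfirewall firewall add rule name="blk" dir=in action=block protocol=TCP localport=445'),
]

MIN_DELAY_DAYS = 7  # assumed triage threshold; the article reports a 15-day gap


def delayed_task_days(ts, cmd):
    """Days between task creation and its /SD start date, or None if not applicable."""
    if not re.search(r"\bschtasks(\.exe)?\b.*\s/create\b", cmd, re.I):
        return None
    m = re.search(r"\s/sd\s+(\d{2}/\d{2}/\d{4})", cmd, re.I)
    if not m:
        return None  # no explicit start date: task is not deferred this way
    start = datetime.strptime(m.group(1), "%m/%d/%Y")  # assumes en-US date format
    return (start.date() - datetime.fromisoformat(ts).date()).days


def inbound_allow_rule(cmd):
    """True if the command adds an inbound allow rule through netsh advfirewall."""
    c = cmd.lower()
    return ("netsh" in c and "advfirewall" in c and "add rule" in c
            and re.search(r"\bdir=in\b", c) is not None
            and re.search(r"\baction=allow\b", c) is not None)


def triage(events):
    """Return (timestamp, finding, delay_days) tuples for events worth reviewing."""
    findings = []
    for ts, cmd in events:
        days = delayed_task_days(ts, cmd)
        if days is not None and days >= MIN_DELAY_DAYS:
            findings.append((ts, "delayed-task", days))
        elif inbound_allow_rule(cmd):
            findings.append((ts, "inbound-allow-rule", None))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

Either finding on its own is common in legitimate software, so the results are leads for review of the referenced executable and its signer, not verdicts.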