Cryptojacking: A corrupt Google translator mines cryptos on more than 100,000 PCs

oriXone

Cryptojacking: A corrupt Google translator mines cryptos on more than 100,000 PCs

Corrupt, cryptojacking, cryptos, Google, Mines, PCs, translator

news hardware Cryptojacking: A corrupt Google translator mines cryptos on more than 100,000 PCs

Using this fake Google translation software, this scammer managed to scoop a sizeable jackpot in the utmost discretion. By infiltrating and installing mining software on more than 100,000 PCs, the scammer was able to set up a veritable “covert” mining farm.

Cryptojacking: undetectable crypto mining

To steal cryptocurrencies, hackers redouble their ingenuity. With the recent crypto bubble, the sector has become very lucrative, with many individuals paying the price. These attacks can take various more or less known forms.

While phishing attacks are mostly detectable, cryptojacking is also very common, but much less detectable.

Cryptojacking consists of hiding malicious software on a computer or smartphone in order to use it to mine certain cryptocurrencies. By harnessing the processing power of your PC or phone, hackers can generate mining-related profits. The threat is very serious because to be efficient the software needs to be invisible, therefore you can get infected without knowing it and without being particularly knowledgeable in the cryptocurrency world.

More than 100,000 PCs recently paid the price…

Corrupt “Google Translate” software mines crypto without your knowledge

Hidden under well-known applications like Google Translate, cryptojacking malware has managed to infect as many as 112,000 computers.

We found out about this last Monday through a report from Check Point Research (CPR). Specifically, the cybersecurity research team said that the software has been exploiting a large number of computers for several years.

Using only the name “Google Translate,” the malware has allowed hackers to use these thousands of machines to mine the Monero (XMR) cryptocurrency. The attack is not new, as the under-the-radar software has been able to use victims’ computers since 2019, in 11 countries:

  • Israel
  • Germany
  • United Kingdom
  • United States
  • Sri Lanka
  • chypre
  • Australia
  • Greece
  • Turkey
  • Mongolia
  • Poland

Therefore, although the infected machines are not necessarily real mining RIGs, we can imagine that the operation could still bring the pirates a jackpot.

The “success” of the malware is partly explained by the fact that it has been integrated into clones of well-known software such as YouTube Music, Google Translate or Microsoft Translate. Although there is no desktop version for Google Translate according to the research team, this bogus software has been made available on reputable websites like Softpedia or Uptodown.

Cryptojacking: A corrupt Google translator mines cryptos on more than 100,000 PCs

The software benefited from the visibility of multiple websites and quickly rose in Google search results. Originally promoted by a Turkish software developer called ‘Nitrokod’, the ‘free and safe’ software therefore spread like wildfire to victims’ computers.

A methodical infection

Once the malware has executed, the infection begins and the installation of the malware is meticulous – it takes several weeks to take effect… In fact, the software starts extracting cryptos almost a month after installation.

The process is divided into several phases:

  • By installing in .rar, attackers can download a package to create the files on the computer.
  • Once executed, the software does not contain anything of concern since it is generally an exact copy of the official version. Only it already sends the information of the infected machine to the attacker.
  • After 4 restarts over a period of 5 days, the software proposes an update and executes the “update.exe” program, this is where the serious stuff begins…
Cryptojacking: A corrupt Google translator mines cryptos on more than 100,000 PCs
  • After the period expires, the program will perform the 4 tasks mentioned above.
  • After several days of process (usually 1 month), the malicious cryptomining software runs as “powermanager.exe”.

The machine is then infected, “Nitrokod” only has to extract the Monero crypto without the consent of the victims, without them even realizing it. In fact, the almost invisible infection usually results in a slight system slowdown. If you want to know more, you can get advice Detailed report by Check Point Research.

This event is a reminder of the threats that abound on the Internet. If you don’t want to make your PC work for others, it is highly recommended to prefer official websites when downloading software to protect yourself from this type of risk.

Leave a Comment