If you downloaded a Google Translate desktop app, it's probably cryptojacking malware

Daniel Sims

Posts: 668   +27
Staff
A hot potato: A desktop-native Google Translate app doesn't exist, but searching for one might bring up results from free software websites. Apps masquerading as Google Translate and several other services are part of a scam designed to deliver crypto-mining malware, which takes extensive steps to hide from multiple security protocols.

This week, IT security group Checkpoint Research (CRP) published a report on its discovery of a crypto mining malware campaign hiding behind legitimate-looking apps, including Google Translate. The programs download malware while performing their advertised functions to gain users' trust.

Researchers found the malware from Turkish developer Nitrokod on popular software download sites like Softpedia and Uptodown, which marked it as safe. The fraudulent programs include desktop versions of Google Translate, Yandex Translate, Microsoft Translator, YouTube Music, an mp3 downloader, and an auto-shutdown app.

Users who downloaded any of these programs should uninstall them asap and use the official web-based or mobile versions instead. None of these services have legitimate desktop apps, which makes Nitrokod's versions appear to be the only ones ranking high in search results.

Nitrokod designed the malware to appear legitimate after installation. The group's Google Translate app, for example, looks and works like the official webpage. That's because Nitrokod built it by converting Google's page through Chromium Embedded Framework. Furthermore, the apps don't start acting suspiciously right away. Instead, they wait until the user has reset the system at least four times on four separate days, which could take weeks, depending on the user. Checkpoint says this helps them avoid Sandbox detection.

Afterward, the malware deletes traces of its installation, making it harder for users to determine the source of suspicious activity. Nitrokod's software also checks for the presence of security software. It also won't start the mining program if it detects signs it is running on a virtual machine — a precaution against malware. After all these steps, the malware begins using the victim's computer to mine cryptocurrency.

TechSpot and other tech news websites often host safe downloads of many helpful utilities, including the Android version of Google Translate. Searching those sections is a secure way to find apps without running into malware.

Permalink to story.

 

Hodor

Posts: 251   +180
If you hear your laptop suddenly "sweating" (ramping up the CPU fan speed) for no good reason, that could be it. Though under Windows that happens fairly often with some legitimate apps, like Windows Defender. But if the period of "sweating" is prolonged and there are no apparent apps running, it's most likely malware.
 

Hotlynx16

Posts: 61   +14
The multinational company I worked for banned using Google translate in 2018 on company computers. They must have known something was up then! They banned USB access for most users in 2010. They used to send out fake phishing emails to the employees to test us, If you failed recognizing more than three times they took your internet away and sent you to a day long retraining class! And after that you still clicked on a fake phishing email you were fired!
 

dualkelly

Posts: 247   +309
If you hear your laptop suddenly "sweating" (ramping up the CPU fan speed) for no good reason, that could be it. Though under Windows that happens fairly often with some legitimate apps, like Windows Defender. But if the period of "sweating" is prolonged and there are no apparent apps running, it's most likely malware.
This is what you get when you use the app store in windows lol. delete the app store and download the programs you want to use like a normal person and you wont have any issues.
 
If you hear your laptop suddenly "sweating" (ramping up the CPU fan speed) for no good reason, that could be it. Though under Windows that happens fairly often with some legitimate apps, like Windows Defender. But if the period of "sweating" is prolonged and there are no apparent apps running, it's most likely malware.

AntiVirus/Malware companies should implement the "sweating" symptom as part of their detection algorithms. Not necessary rely on it solely, but look at what's throttling the CPU at all times. ;)