How This Crypto-Mining malware-Infected P.C through fake Google Translate App

The latest cybersecurity breach with crypto-mining malware infecting Windows P.C.s has been brought to light. The Check Point Research (CPR) is said to be created by “Nitrokod,” a Turkish company. It is being said that these activities have been running since 2019. Thousands of P.C.s have since been mined with crypto since then.

The malware came with the software, which does not have a desktop version. This was brought to light in a study by Check Point Research (C.P.R.).  

Crypto-Mining malware-Infected P.C through fake Google

Let’s know about Crypto-mining and how it is done.

It is also known as bitcoin mining and is the process in which the transactions in the global network of computers are validated digitally. They are then added to the bitcoin ledger. The computers used in this process are high-powered, and these transactions are called blocks. Miners pay a high transaction fee for the execution of the steps.

It requires complex algorithms to record and verify transactions on blockchains. Bitcoin’s Proof of work mechanism includes all this work. Every 10 minutes, a new block is added to it.

Companies do Bitcoin mining on a large scale by using data centres with specific servers. There are numerous mining computers in various mining farms. They are usually in a particular location that can hold all the systems.

David Weisberger, CoinRoutes’s C.E.O says- “The input determining whether such activities are profitable is the cost of electricity to power the mining computers.”

 Due to their high energy demands, Farms are usually near energy sources like dams and gas wells. They require more energy to operate to maintain such data flow.

How can one be saved from such malware?

  • Use an up-to-date Antivirus and Malware protection software.
  • Browsers can be made safer with ad blockers.
  • Cryptojacking scripts are running on various websites; avoid them.
  • Server parks can be protected with cybersecurity systems.

How exactly this malware infects various P.C.s?

After installing the application infected with malware, the application installs actual Google translate. Translating a web page from the real  Google Translate Program used Google chrome chromium code. This allows hackers to give practicality to their developed programs.

When users start their system, a pre-decided update check is delivered to the hackers. The mining software is installed after a month. This is to avoid any kind of doubt in the user’s mind regarding any unusual activity. They named the program powermanager.exe.

 Now, after the user restarts the system four times, a link is extracted from a different R.A.R file. This is the method to stay away from the eyes of the antivirus software which uses Sandbox detection.

In the next step, the stage four dropper creates the following four tasks:

  • Install Dropper 5 to check the system for certain security firewalls. Another malicious link is dropped to avoid the system Firewall. Any firewall detected is signalled to hackers.
  • All the incoming files are then dropped into a folder. This folder is temporary. There is no Windows defender activity in the temporary folder. Then, without the users’ consent mining of cryptocurrency starts after the mining malware is transferred to this folder.

 What all regions are affected by this malware?

The people from the U.K, the U.S.A, Sri Lanka, Greece, Germany, Israel, Turkey, Australia, Cyprus, and Poland have been cheated with this malware. This was a Trojan campaign that involved disseminating malware-free programs available on websites like Softpedia and Uptown because of the popularity of these sites.

According to a report by Softpedia, Since December 2019, the Nitrokod Google translator has been downloaded more than 112,00 times.

What does V.P of Research have to say in this matter?

The Vice President, Maya Horowitz, has advised some security tips to help reduce the risk. “Beware of lookalike domains, website spelling errors, and unfamiliar email senders. Only download software from authorized, known publishers or vendors and ensure your endpoint security is up to date and provides comprehensive protection,” she said.

In the increasing world of blockchains and cryptocurrencies, it is advised to keep a nice check on the activities. Downloading random applications from the internet will lead to this kind of fraud. The system needs to be checked regularly for any suspicious functioning. Keeping track of the system activities can help in spotting the bug.

Leave a comment