
    Discovered an active cryptocurrency mining campaign that mimics Google Desktop Translate

    Google Translator icon – GOOGLE PLAY STORE

    Researchers have uncovered a new, currently active cryptocurrency mining campaign that mimics the Google Desktop Translate application and other types of ‘software’ to infect victims’ computers.

    The cybersecurity company Check Point has indicated that this campaign has operated successfully for years and has claimed 111,000 victims in 11 countries since 2019, according to a statement sent to Europa Press.

    Cybercriminals appear to release free ‘software’ on popular download sites such as Softpedia and Uptodown. However, it can also be found easily through Google, specifically when users type ‘Google Translate Desktop download’ into the search engine. After the software is installed, the attackers delay the infection process for weeks so that traces of the original download are removed.

    From Check Point they emphasize that the success of this campaign, created by a Turkish-speaking entity called Nitrokod, is due to the fact that cybercriminals have implemented some key strategies.

    Among them is delaying the start of the malicious ‘software’, which is executed for the first time almost a month after the counterfeit program is installed. In addition, it is delivered only after 6 previous stages of infected programs.

    After this delay, the infection chain continues by means of a scheduled task mechanism, which gives the attackers time to delete all their evidence in the meantime.

    Regarding the methodology, the infection begins with the installation of an infected program or service downloaded from a web page.

    Then a working Google Translate copycat application is installed and an update file is dropped onto the disk, which starts a series of four ‘droppers’ until the real ‘malware’ is dropped.

    Once executed, it connects to its command and control (C&C) server to obtain a configuration for the XMRig cryptocurrency miner and begins mining.

    To avoid this type of attack, the cybersecurity company recommends paying attention to the domains of web pages and looking for possible spelling errors in them, and doing the same with unknown email senders.

    It is also advisable to download ‘software’ only from known and authorized publishers and vendors, and to defend against zero-day attacks with a comprehensive and up-to-date security architecture.

    Source: Europa Press
