Researchers at Check Point warn that attackers based in Turkey are distributing cryptomining malware via free software download sites, including Softpedia and Uptodown. The malicious apps appear to be legitimate, working programs, but have malware packaged within them.
“Active since 2019, Nitrokod is a Turkish-speaking software developer that claims to offer free and safe software,” the researchers write. “Most of the programs Nitrokod offers are popular software that do not have an official desktop version. For example, the most popular Nitrokod program is the Google Translate desktop application. Google has not released an official desktop version, making the attackers’ version very appealing.”
Check Point notes that the attackers build these apps by wrapping legitimate web applications rather than writing their own, and that the malware waits nearly a month before executing in order to evade detection.
“Most of their developed programs are easily built from the official web pages using a Chromium-based framework,” the researchers write. “For example, the Google translate desktop application is converted from the Google Translate web page (https://translate.google.com) using the CEF project. This gives the attackers the ability to spread functional programs without having to develop them.”
The installer delivers a working Google Translate desktop app, but it also drops the malware disguised as an update file.
“Infection chains are similar in most Nitrokod campaigns, starting with the installation of an infected program downloaded from the Web,” Check Point says. “Once the user launches the new software, an actual Google Translate application is installed. In addition, an updated file is dropped which starts a series of four droppers until the actual malware is dropped. After the malware is executed, the malware connects to its C&C server to get a configuration for the XMRig crypto miner and starts the mining activity.”
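As an added illustration (not code from Check Point or from this article), the following Python sketches how a defender might hunt for the chain just described in process-creation telemetry: a process with miner-style arguments whose ancestry runs back through several intermediaries to an installer that started weeks earlier. The event records, process names and pool address are constructed samples, and the XMRig-style argument patterns are assumptions rather than indicators from the report.

```python
"""Hunt for a Nitrokod-style chain in constructed process-creation events:
installer -> legitimate app + 'update' file -> run of droppers -> miner,
with the miner appearing weeks after the installer ran."""
from datetime import datetime
import re

# Constructed sample events (not real telemetry): (pid, ppid, timestamp, image, cmdline)
EVENTS = [
    (100, 1,   "2022-07-01T10:00:00", "GoogleTranslateDesktopSetup.exe", ""),
    (101, 100, "2022-07-01T10:00:05", "GoogleTranslateDesktop.exe", ""),  # the real CEF-wrapped app
    (102, 100, "2022-07-01T10:00:06", "update.exe", ""),                  # the dropped 'update'
    (103, 102, "2022-07-28T10:30:00", "chainlink1.exe", ""),              # dropper 1 of 4
    (104, 103, "2022-07-28T10:30:01", "chainlink2.exe", ""),
    (105, 104, "2022-07-28T10:30:02", "chainlink3.exe", ""),
    (106, 105, "2022-07-28T10:30:03", "chainlink4.exe", ""),
    (107, 106, "2022-07-28T10:30:04", "nvidiahelper.exe",
     "-o stratum+tcp://pool.example:3333 -u wallet --donate-level=1"),
    (200, 1,   "2022-07-01T11:00:00", "notepad.exe", ""),                 # unrelated noise
]

# Assumed XMRig-style command-line markers; tune to your own environment.
MINER_ARGS = re.compile(r"stratum\+tcp://|--donate-level|--coin=|--algo=", re.I)

def ancestry(events, pid):
    """Return the event records from pid up to its root ancestor (inclusive)."""
    by_pid = {e[0]: e for e in events}
    chain = []
    while pid in by_pid:
        chain.append(by_pid[pid])
        pid = by_pid[pid][1]
    return chain

def find_miner_chains(events, min_intermediates=4, min_delay_days=20):
    """Flag miner-like processes reached through a long chain after a long delay."""
    hits = []
    for pid, ppid, ts, image, cmd in events:
        if not MINER_ARGS.search(cmd):
            continue
        chain = ancestry(events, pid)
        root = chain[-1]
        delay = (datetime.fromisoformat(ts) - datetime.fromisoformat(root[2])).days
        intermediates = len(chain) - 2  # everything between root installer and miner
        if intermediates >= min_intermediates and delay >= min_delay_days:
            hits.append({"miner_pid": pid, "root": root[3],
                         "intermediates": intermediates, "delay_days": delay})
    return hits

if __name__ == "__main__":
    for hit in find_miner_chains(EVENTS):
        print(hit)
```

A real hunt would read the same fields from Sysmon Event ID 1 or an EDR export instead of the constructed list.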
It’s not necessarily that anything is lost in translation, but that the translation app can be spoofed and used to distribute malware. New-school security awareness training can give your employees a healthy sense of suspicion so they can be careful about the software that they install.
Check Point has the story.