Bitcoin Forum
Topic: XMRig hidden in another app - google translator
PawGo (OP)
September 06, 2022, 07:34:44 AM
Merited by NeuroticFish (4)
 #1

It seems that recently it is very fashionable to "hide" xmrig miner in different kinds of software. It was in python libraries downloaded as a dependency (https://bitcointalk.org/index.php?topic=5410076.msg60763132), recently it was found that Turkish campaign "Nitrokod" infected several "free" apps.
Programs were in fact "wrapped" web pages for popular webservices, so development was quite easy and allowed to have wider range of software covered.

More details:
https://research.checkpoint.com/2022/check-point-research-detects-crypto-miner-malware-disguised-as-google-translate-desktop-and-other-legitimate-applications/

Do not install software which you do not really need or from "unknown" software providers. Use anti-virus scanner.

joniboini
September 06, 2022, 10:34:53 AM
 #2

Even if there is no hidden miner script, no one should ever download from a third-party website like that. Even Google explicitly states there is no desktop version of their translation service. Don't rely too much on antivirus either, most of the time we can just avoid any trouble if we research for a bit.

jackg
September 06, 2022, 02:00:24 PM
 #3

Sounds like it was very simple to make. I'm surprised it's worked and is on desktop though - I thought apps might be harder to find especially without advertisement.

Antivirus is good with known threats and lesser known software (and to track when some programmes are using too many system resources) but I don't think it'd have helped in this case as the app was downloaded from a fairly random source anyway and users might just override the antivirus if they did want the app to work.
o48o
September 06, 2022, 07:27:55 PM
 #4

Do not install software which you do not really need or from "unknown" software providers. Use anti-virus scanner.

I wouldn't trust anti-virus scanners on this as they come behind the viruses. Not only could they have miners working in the background, they could also have wallet stealers and keyloggers. All they need is to get one right person affected and it pays off for them.

I am always assuming if I get warez or programs from unknown sources that they have viruses. I am using a virtual environment for them if I need to install one and keep my computer with my real email and

I get a lot of people on Twitter telling me they want to buy promotion from me with a good price. They send me something that looks like contract documents or something like that in .rar packages but after a closer look they have another extension after the .doc extension. (aka viruses)

I am betting people are falling for these a lot because they keep doing this scam.
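
The double-extension attachments described in the post above can be flagged from the archive listing alone, before anything is extracted or opened. This is an added example, not part of the original thread: the extension lists, function names and sample file names are assumptions constructed here, and a ZIP stands in for the .rar packages because Python's standard library cannot read RAR.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed lists for this example; extend them to match local policy.
DECOY_EXTS = {".doc", ".docx", ".pdf", ".xls", ".xlsx", ".txt", ".jpg", ".png"}
EXEC_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".vbs", ".lnk", ".pif", ".msi"}

# Constructed member names: two deceptive, four benign.
SAMPLE_NAMES = [
    "contract.doc.exe",
    "offer/terms.pdf      .scr",   # padding pushes the real extension out of view
    "notes.v2.docx",
    "setup.exe",
    "report.final.exe",
    "backup.tar.gz",
]


def is_deceptive(name: str) -> bool:
    """True when the last extension is executable and an earlier one looks like a document."""
    base = PurePosixPath(name.replace("\\", "/")).name
    # Windows drops trailing dots and spaces, so normalise them away first.
    base = base.rstrip(". ").lower()
    parts = [p.strip() for p in base.split(".")]
    if len(parts) < 3:          # a single extension cannot be a double extension
        return False
    final = "." + parts[-1]
    earlier = {"." + p for p in parts[1:-1]}
    return final in EXEC_EXTS and bool(earlier & DECOY_EXTS)


def scan_zip(data: bytes) -> list[str]:
    """Return the member names of a ZIP archive that use a deceptive double extension."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [i.filename for i in zf.infolist()
                if not i.is_dir() and is_deceptive(i.filename)]


def build_sample() -> bytes:
    """Build an in-memory ZIP holding the constructed names with placeholder content."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in SAMPLE_NAMES:
            zf.writestr(name, b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for hit in scan_zip(build_sample()):
        print("deceptive double extension:", repr(hit))
```

Only the listing is read, so the check is safe to run on an untrusted archive; members are never written to disk.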

vv181
September 07, 2022, 10:54:49 AM
 #5

Do not install software which you do not really need or from "unknown" software providers. Use anti-virus scanner.
I wouldn't trust anti-virus scanners on this as they come behind the viruses. Not only could they have miners working in the background, they could also have wallet stealers and keyloggers. All they need is to get one right person affected and it pays off for them.


Antivirus software and viruses/malware are in a whack-a-mole situation, but that doesn't mean using antivirus is not giving you a benefit at all. It is different when the user is trying to be a power user or bypasses the antivirus security system because it might be a false flag, or simply out of ignorance. A malware that is fashioned to be an antivirus is surely an ironic thing, but one can try to find a reputable and battle-tested antivirus officially, to prevent those kinds of things.
jrrsparkles
September 07, 2022, 12:29:09 PM
 #6

It seems that recently it is very fashionable to "hide" xmrig miner in different kinds of software. It was in python libraries downloaded as a dependency (https://bitcointalk.org/index.php?topic=5410076.msg60763132), recently it was found that Turkish campaign "Nitrokod" infected several "free" apps.
Programs were in fact "wrapped" web pages for popular webservices, so development was quite easy and allowed to have wider range of software covered.

More details:
https://research.checkpoint.com/2022/check-point-research-detects-crypto-miner-malware-disguised-as-google-translate-desktop-and-other-legitimate-applications/

Do not install software which you do not really need or from "unknown" software providers. Use anti-virus scanner.



Antivirus, even along with web security features, may not be helpful in such cases because generally they detect the existing threats, so when something is new the antivirus may not do anything for a while.

So we need to be aware of such security threats, especially when we are using the device where our crypto wallets are installed.









o48o
September 07, 2022, 02:23:47 PM
 #7

Antivirus software and viruses/malware are in a whack-a-mole situation, but that doesn't mean using antivirus is not giving you a benefit at all. It is different when the user is trying to be a power user or bypasses the antivirus security system because it might be a false flag, or simply out of ignorance. A malware that is fashioned to be an antivirus is surely an ironic thing, but one can try to find a reputable and battle-tested antivirus officially, to prevent those kinds of things.

What I mean is that Windows' own anti-virus system is so powerful at this point that I wouldn't recommend a 3rd party system messing things up. That's all I am saying. But there's no system that would keep users safe when users see warnings as false positives and launch .exes anyway that antivirus tries to block.

Just NOT downloading any weird obscure software keeps newbs way safer than any 3rd party free or paid antivirus software out there. It's really hard to build idiot-proof systems when the idiots have a say what's better for their data safety.
