That 'clean' Google Translate app is actually Windows crypto-mining malware

Watch out: someone is spreading cryptocurrency-mining malware disguised as legitimate-looking applications, such as Google Translate, on free software download sites and through Google searches. The cryptomining Trojan, known as Nitrokod, is typically disguised as a clean Windows app and works as the user expects for days or …

  1. teknopaul

    Clever catch

    Must be hard to catch this sort of thing, those browser frameworks are essentially front ends to running arbitrary code off the Internet without all the cross site security checks.

    Same can be said for most mobile apps.

    "100% clean" is a dead giveaway tho, it's straight out of the lexicon of Cut-me-own-throat Dibbler.

    1. JimboSmith Silver badge

      Re: Clever catch

      To quote Wallace of Wallace and Gromit fame……Now that’s clever. Are you reading this Baroness Harding, that is a sophisticated attack.

      1. Martin
        Unhappy

        Re: Clever catch

        Annoying, isn't it. If only the people responsible for this, and other, clever malware had instead turned their skills to legitimate ends - you never know, we might actually have some secure browsers and operating systems that worked well.

        1. Claptrap314 Silver badge

          Re: Clever catch

          Very little money in that, I'm afraid. The average consumer has no way to evaluate or value security.

    2. b0llchit Silver badge
      Facepalm

      Re: Clever catch

      ...those browser frameworks are essentially front ends to running arbitrary code off the Internet...

      And we spent so many years teaching people not to download executables from the internet and just run them... Now we have created an infrastructure to undermine basic security principles by clicking away in a browser.

      Should we be happy or sad? I for one have tears in my eyes when I see all the crap trying to run in the browser. Luckily, when a site shows nothing without having scripts enabled, then they clearly have nothing to say to me and can be disregarded immediately and completely.

      1. teknopaul

        Re: Clever catch

        The app in question was already installed as an .exe.

        It was not run from a Web browser. It's using the same tech as a Web browser.

        It's possible for any app to download mining software from the Internet and run it. It's not specific to apps using webkit and the like, point is it's harder to catch with static analysis.

        Actually, you would be better off running the code in a normal Web browser because it's safer.

        1. JBowler

          Re: Clever catch

          Indeed, it's pretty much a phish. "We offer Google Translate on your PC, without running some insane piece of code like Chrome!" Pretty compelling. No mega webkit overhead (although do they build webkit into the .exe, probably) no massive suck-your-CPU multi-threaded hydra (that they can do) no Google (except in parts).

          Seriously, this is a good business model, from the marketing point of view.

    3. v13

      Re: Clever catch

      What???

      That's literally the exact opposite of what happened here. The browser app is the safe one. This was an exe that users who don't like browser apps downloaded and got fooled.

      Browser apps are quite well sandboxed. Only non-security-conscious people download executables from the internet to run locally in a non-sandboxed environment like Windows.

  2. This post has been deleted by its author

  3. GBE

    What is a "clean Windows app"?

    The cryptomining Trojan, known as Nitrokod, is typically disguised as a clean Windows app

    Can somebody explain to us non-Windows people what a "clean Windows app" is? I googled that phrase, but didn't find anything helpful.

    1. doublelayer Silver badge

      Re: What is a "clean Windows app"?

      I'm not sure if you're joking, but in case that's a serious question, it's not a single term. It's a Windows app that is clean, i.e. doesn't contain malware.

      1. OhForF' Silver badge

        Re: What is a "clean Windows app"?

        Your interpretation of a "clean Windows app" shows the term is ambiguous and thus should not have been used in the article.

        I thought it refers to apps that promise to clean your system from leftover registry keys/files from old (driver) installations or remove telemetry sent back home to Micros~1 and malware and all other kinds of things.

        E.g. this list of PC cleaner software

        I have not checked any of the programs and do not recommend downloading and executing them.

      2. Alumoi Silver badge
        Joke

        Re: What is a "clean Windows app"?

        Right, the malware is the OS itself.

      3. Robert Grant

        Re: What is a "clean Windows app"?

        The "clean" seems redundant, then. I was also confused.

  4. Ken Hagan Gold badge

    So this is being pushed as a version of Google Translate that runs locally ... by making web requests under the hood.

    Given how GT works, which admittedly plenty of people won't know, even that description flags it as malware.

    1. doublelayer Silver badge

      Not necessarily. For one thing, having a program which makes web requests is not always a problem if, for example, it comes with an improved interface or other features that benefit from a local program. It could, for example, cache translation results and store them in a convenient local file which some users might value.

      For another thing, Google Translate does work offline, but only on phones. You can download offline translation databases which work when the phone is disconnected, though I think the quality is probably different when not using the server's presumably much larger ones. Someone who knew that might expect there to be a desktop application using the same files for offline translation, and if anyone from Google (or a different company with translation software) is reading this, I'd like that, please.

  5. MrReynolds2U

    I'm forever seeing links to supposedly legitimate software on Softpedia but I've never trusted it.

    Bring back Tucows.

    1. Toni the terrible Bronze badge
      Joke

      You should use a Corgi, they are meant to herd even more than TwoCows

  6. Jan K.

    "According to Softpedia, the Nitrokod Google Translator app has been downloaded more than 112,000 times since December 2019."

    Well, thanks for hosting over the years...

    It's probably impossible to scan whatever files float around on the servers. Or nobody cares...

    1. Anonymous Coward

      Nobody cares. Why would they?

  7. NeilPost Silver badge

    Smegheads

    Lister : Beware of Trojans, they're complete smegheads!
