Skip to main content

Beware, these free Windows apps are hiding a dangerous secret

The installation of malware that is being spread via free software sites has been found to be activated following a month-long delay, ultimately helping it avoid exposure.

As reported by Bleeping Computer, the malware campaign is being camouflaged as Google Translate or MP3 downloader programs. In reality, however, it operates as cryptocurrency mining malware for Windows-based systems.

A depiction of a hacker breaking into a system via the use of code.
Getty Images

Discovered in 11 countries thus far, the bogus programs are hiding in plain sight within free software sites. A Check Point report details how a developer, who goes by the name of Nitrokod, is behind the malware.

Recommended Videos

Although they seem to be legitimate, Check Point confirmed how the applications would delay the installation of the malware for almost a month. From here, the infection chain “continued after a long delay using a scheduled task mechanism,” which allowed threat actors enough time to get rid of any evidence.

Please enable Javascript to view this content

After a victim launches any of the infected software, a legitimate Google Translate application is installed on the system. The app is then able to clear all the system logs via PowerShell commands, in addition to the implementation of a firewall rule and excluding itself from being detected by Windows Defender.

Once several weeks pass, the malware is loaded, after which it connects to a C&C server in order to receive a configuration for the XMRig crypto miner. This allows the app’s malicious files to begin mining activity on the target’s PC.

Free software sites are an extremely popular search term for Google, with Nitrokod’s fake apps ranking high in search results. One of those websites, Softpedia, delivered over 112,000 downloads for the developer’s Google Translate app.

As pointed out by Bleeping Computer, crypto mining malware can put a system under a lot of stress due to the impact it has on hardware, as well as naturally leading to overheating. The overall performance of a machine can also become negatively affected if it utilizes extra CPU resources.

In regard to the malicious malware that is activated, this can be switched to potentially more dangerous code if the threat actor decides to do so.

It should be stressed that you should always check you’re downloading programs from official sources and be on the lookout for any suspicious developers, even if their version has been downloaded by hundreds of thousands.

Zak Islam
Former Digital Trends Contributor
Zak Islam was a freelance writer at Digital Trends covering the latest news in the technology world, particularly the…
Google just made this vital Gmail security tool completely free
The top corner of Gmail on a laptop screen.

Hackers are constantly trying to break into large websites to steal user databases, and it’s not entirely unlikely that your own login details have been leaked at some point in the past. In cases like that, upgrading your password is vital, but how can you do that if you don’t even know your data has been hacked?

Well, Google thinks it has the answer because it has just announced that it will roll out dark web monitoring reports to every Gmail user in the U.S. This handy feature was previously limited to paid Google One subscribers, but the company revealed at its Google I/O event that it will now be available to everyone, free of charge.

Read more
Beware: many ChatGPT extensions and apps could be malware
OpenAI's ChatGPT blog post is open on a computer monitor, taken from a high angle.

ChatGPT fever has overtaken the internet, and rightly so since it's such a powerful new tool. Unfortunately, the most sought-after content is often fertile ground for hackers and scammers.

In a recent video, cybersecurity-focused YouTuber John Hammond warned that many ChatGPT extensions and apps could contain malware. It's a valid point, and we should all use caution when installing desktop browser add-ons and mobile apps.

Read more
Cybercrime spiked in 2022 — and this year could be worse
malwarebytes laptop

Last year saw a massive spike in cybercrime, with some types of malicious digital activity rising by as much as 87%. It doesn’t bode well -- but there were a couple of relative bright spots.

That information comes from a new report published by cybersecurity firm SonicWall. It makes for interesting reading, especially since one of the biggest rises came from an unusual source -- and one of the most feared types of malware saw a hefty drop.

Read more