
Beware, these free Windows apps are hiding a dangerous secret


Malware being spread via free software sites has been found to delay its installation by a month, which ultimately helps it avoid exposure.

As reported by Bleeping Computer, the malware campaign is being camouflaged as Google Translate or MP3 downloader programs. In reality, however, it operates as cryptocurrency mining malware for Windows-based systems.


Discovered in 11 countries thus far, the bogus programs are hiding in plain sight within free software sites. A Check Point report details how a developer, who goes by the name of Nitrokod, is behind the malware.


Although they seem to be legitimate, Check Point confirmed that the applications delay the installation of the malware for almost a month. From here, the infection chain “continued after a long delay using a scheduled task mechanism,” which allowed threat actors enough time to get rid of any evidence.

After a victim launches any of the infected software, a legitimate Google Translate application is installed on the system. The app is then able to clear all the system logs via PowerShell commands, add a firewall rule, and exclude itself from detection by Windows Defender.

Once several weeks pass, the malware is loaded, after which it connects to a C&C server in order to receive a configuration for the XMRig crypto miner. This allows the app’s malicious files to begin mining activity on the target’s PC.
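A defender-side illustration of the behaviours described above, added here and not taken from the article or from Check Point's report: it flags a host where log clearing, a Windows Defender exclusion change, a new firewall rule and a new scheduled task cluster within a short window. The event IDs are standard Windows ones; the host names, timestamps, registry details, 30-minute window and three-behaviour threshold are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

DEFENDER = "Microsoft-Windows-Windows Defender/Operational"
FIREWALL = "Microsoft-Windows-Windows Firewall With Advanced Security/Firewall"
TASKS = "Microsoft-Windows-TaskScheduler/Operational"
# (channel, event ID) -> behaviour from the infection chain described in the article
EVENT_MAP = {
    ("Security", 1102): "log_cleared", ("System", 104): "log_cleared",
    (DEFENDER, 5007): "defender_exclusion", (FIREWALL, 2004): "firewall_rule",
    ("Security", 4698): "scheduled_task", (TASKS, 106): "scheduled_task",
}

def classify(channel, event_id, detail):
    kind = EVENT_MAP.get((channel, event_id))
    # 5007 fires on any Defender setting change; keep only exclusion edits.
    if kind == "defender_exclusion" and "\\Exclusions\\" not in detail:
        return None
    return kind

def correlate(events, window=timedelta(minutes=30), min_kinds=3):
    """Return (host, first_seen, kinds) where >= min_kinds behaviours cluster."""
    by_host = {}
    for host, ts, channel, event_id, detail in events:
        kind = classify(channel, event_id, detail)
        if kind:
            by_host.setdefault(host, []).append((datetime.fromisoformat(ts), kind))
    alerts = []
    for host, hits in sorted(by_host.items()):
        hits.sort()
        i = 0
        while i < len(hits):
            in_window = [h for h in hits[i:] if h[0] - hits[i][0] <= window]
            kinds = sorted({k for _, k in in_window})
            if len(kinds) >= min_kinds:
                alerts.append((host, hits[i][0], kinds))
            i += len(in_window) if len(kinds) >= min_kinds else 1
    return alerts

# Constructed sample events: (host, time, channel, event ID, detail)
SAMPLE = [
    ("PC-01", "2022-01-10T10:00:00", "Security", 1102, ""),
    ("PC-01", "2022-01-10T10:02:00", DEFENDER, 5007, r"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\example"),
    ("PC-01", "2022-01-10T10:03:00", FIREWALL, 2004, "example rule"),
    ("PC-01", "2022-01-10T10:05:00", "Security", 4698, r"\ExampleTask"),
    ("PC-02", "2022-01-10T09:00:00", DEFENDER, 5007, r"HKLM\SOFTWARE\Microsoft\Windows Defender\SpyNet"),
    ("PC-02", "2022-01-10T09:10:00", TASKS, 106, r"\ExampleUpdater"),
    ("PC-03", "2022-01-10T08:00:00", "Security", 1102, ""),
    ("PC-03", "2022-01-10T14:00:00", "Security", 4698, r"\ExampleTask"),
]
print(correlate(SAMPLE))
```

Because the chain clears local logs, this kind of correlation only works on events that were forwarded off the host before the clear, which is why the log-clear event itself is treated as one of the signals.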

Free software sites are an extremely popular search term on Google, and Nitrokod’s fake apps rank high in search results. One of those websites, Softpedia, delivered over 112,000 downloads for the developer’s Google Translate app.

As pointed out by Bleeping Computer, crypto mining malware can put a system under a lot of stress due to its impact on hardware, and it naturally leads to overheating. The overall performance of a machine can also be negatively affected if the malware uses extra CPU resources.

The malware that is activated can also be switched to potentially more dangerous code if the threat actor decides to do so.

It should be stressed that you should always check you’re downloading programs from official sources and be on the lookout for any suspicious developers, even if their version has been downloaded by hundreds of thousands.

Zak Islam