Beware, these free Windows apps are hiding a dangerous secret

Malware being spread via free software sites has been found to delay its own installation by about a month, which helps it avoid detection.

As reported by Bleeping Computer, the malware campaign disguises itself as Google Translate or MP3 downloader programs. In reality, it is cryptocurrency-mining malware for Windows systems.

Discovered in 11 countries thus far, the bogus programs are hiding in plain sight within free software sites. A Check Point report details how a developer, who goes by the name of Nitrokod, is behind the malware.

Although the applications appear legitimate, Check Point confirmed that they delay the installation of the malware for almost a month. From there, the infection chain “continued after a long delay using a scheduled task mechanism,” which gave the threat actors enough time to get rid of any evidence.

After a victim launches any of the infected software, a legitimate Google Translate application is installed on the system. The app then clears the system logs via PowerShell commands, adds a firewall rule, and adds an exclusion so that Windows Defender does not scan it.

Once several weeks have passed, the malware is loaded and connects to a C&C server to receive a configuration for the XMRig crypto miner. The app’s malicious files then begin mining on the target’s PC.
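For defenders, the four traces described above (a Defender exclusion, a scheduled task used for delayed persistence, cleared event logs, and a new firewall rule) can all be checked from an elevated PowerShell session. The following read-only triage script is an added example, not code from the article or from Check Point's report; the 45-day lookback window and the "user-writable path" pattern are assumptions chosen to cover the month-long delay the report describes.

```powershell
# Added example (not from the article or Check Point): read-only triage for the
# evasion and persistence traces described above. Run as Administrator.
$lookback     = (Get-Date).AddDays(-45)   # assumed: wider than the ~1 month delay
$userWritable = 'AppData|ProgramData|\\Temp\\|\\Users\\Public'   # assumed pattern

Write-Host "== Windows Defender exclusions (path / process / extension) =="
$mp = Get-MpPreference
@($mp.ExclusionPath) + @($mp.ExclusionProcess) + @($mp.ExclusionExtension) |
    Where-Object { $_ }

Write-Host "== Scheduled tasks that run PowerShell or a binary from a user-writable path =="
Get-ScheduledTask | ForEach-Object {
    $task = $_
    foreach ($a in $task.Actions) {
        $cmd = "$($a.Execute) $($a.Arguments)"
        if ($cmd -match $userWritable -or $cmd -match 'powershell|pwsh') {
            [pscustomobject]@{
                Task       = $task.TaskPath + $task.TaskName
                Command    = $cmd
                Registered = $task.Date      # may be empty for some tasks
            }
        }
    }
} | Format-Table -AutoSize

Write-Host "== Event log cleared (Security 1102 / System 104) since $lookback =="
$filters = @(
    @{ LogName = 'Security'; Id = 1102; StartTime = $lookback },
    @{ LogName = 'System';   Id = 104;  StartTime = $lookback }
)
foreach ($f in $filters) {
    # -ErrorAction SilentlyContinue: Get-WinEvent errors when no events match
    Get-WinEvent -FilterHashtable $f -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, LogName, Id
}

Write-Host "== Firewall rules bound to programs in user-writable paths =="
Get-NetFirewallApplicationFilter |
    Where-Object { $_.Program -match $userWritable } |
    Get-NetFirewallRule |
    Select-Object DisplayName, Direction, Action, Enabled

Write-Host "== Busiest processes running from user-writable paths (possible miner) =="
Get-Process | Where-Object { $_.Path -and $_.Path -match $userWritable } |
    Sort-Object CPU -Descending |
    Select-Object -First 10 Name, Id, Path, CPU
```

Any hit in the exclusion, cleared-log or firewall sections is worth a closer look; the scheduled-task and process sections produce legitimate matches too, so compare them against what the user knowingly installed.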

Free software is an extremely popular Google search term, and Nitrokod’s fake apps rank high in the results. One of those free software sites, Softpedia, delivered over 112,000 downloads of the developer’s Google Translate app.

As Bleeping Computer points out, crypto-mining malware puts a system under heavy load, stressing the hardware and causing it to overheat. Overall performance also suffers as the miner consumes CPU resources.

The payload that is eventually activated could also be swapped for more dangerous code if the threat actor chooses to do so.

Always check that you are downloading programs from official sources, and be wary of suspicious developers, even if their software has been downloaded hundreds of thousands of times.

Zak Islam
Computing Writer
Zak Islam was a freelance writer at Digital Trends covering the latest news in the technology world, particularly the…