Cracked copies of PC games used to spread Crackonosh Malware

Someone used cracked copies of the first video game titles to install crypto-mining malware on PCs belonging to hundreds of thousands of unsuspecting victims – a ploy that has compensated criminals with a whopping $ 2 million so far.

Researchers at Avast this week said newly discovered malware called Crackonosh had been detected in pirated copies of PC games as well Grand Theft Auto V and NBA 2K19.

Crackonosh does not immediately go to work once the infected game is installed. Like many viruses, it takes a hit to avoid arousing suspicion and taking its victims in fury. A malicious process is activated after a handful of restarts, which forces the system into safe mode, rendering it inert and easily removing all security tools.

“Crackonosh is installed by replacing critical files on the Windows system and abusing the Windows Safe mode to prevent system defenses,” wrote Avast malware analyst Daniel Bene. “This malware further protects itself by disabling security software, updating the operating system and adopting other anti-scan techniques to prevent detection, making it very difficult to detect and remove.”

Avast revealed Thursday, in fact, that it had discovered Crackonosh after hearing reports from reporters about its own mysteriously removed antivirus software.

G / O Media may earn a commission

The main goal of Crackonosh is the installation of XMRig, a CPU / GPU miner. More than 222,000 infections have been detected so far, including more than $ 2 million in Monero Mining, a popular cryptocurrency – a clear demonstration of the profitability of this attack. The first infections date back to June 2018, researchers say.

Beneš said the spread of malicious currency miners will never stop as long as the cracked software remains largely in circulation.

“The key to taking away from this is that you can’t get anything for nothing,” Beneš said, “and when you try to steal software, chances are someone will try to steal it.”