Story image

Avast finds cybercriminals are targeting gamers with cryptomining malware

By Ryan Morris-Reade, Wed 30 Jun 2021

Avast finds cybercriminals are targeting gamers using cracked games with cryptomining malware Crackonosh.

Avast Threat Labs has released new research that reveals cybercriminals are targeting gamers with cryptomining malware Crackonosh through cracked or pirated versions of popular games. To date, they have earned over $2 million (NZ $2.8 million) in cryptocurrency.

Circulating since at least June 2018, the malware has been found hidden in pirated versions of games such as Grand Theft Auto V, Far Cry 5, NBA2K19, and Fallout 4 GOTY, all of which can be found on torrent sites.

Avast says Crackonosh has infected over 222,000 systems worldwide since December 2020, including 2,837 in Australia and 900 in New Zealand, but say the number could be significantly higher as this is only what it’s detected. Avast Threat Labs data shows that over 800 devices continue to be infected every day.

“Crackonosh installs itself by replacing critical Windows system files and abusing the Windows Safe mode to impair system defences,” says Avast Threat Labs malware analyst, Daniel Bene.

“This malware further protects itself by disabling some security software and operating system updates, and employs other anti-analysis techniques to prevent discovery, making it very difficult to detect and remove.”

Once installed, the malware sits in the background using the victim's computer for cryptomining, making the cybercriminals cryptocurrency by using infected computers to solve complex mathematical problems and verify cybercurrency transactions.

Infected users may notice that their computer is overheating or slowing down substantially even when performing simple processing tasks, but it can often be hard to detect.

“As long as people continue to download cracked software, attacks like these will continue to be profitable for attackers,” says Bene.

“The key take-away from this is that you really can’t get something for nothing, and when you try to steal software, odds are someone is trying to steal from you.”

Crackonosh is most prominent in the United States, Brazil, India, the Philippines, and Poland, with notable infections in the United Kingdom, France, Italy, and Canada. Other countries include Mexico, Argentina, Spain, Portugal, Australia, New Zealand, South Africa, Greece, Sweden, Turkey, Pakistan, and Indonesia.

Advast gives some tips to avoid cryptomining:

  • Don’t download pirated or cracked versions of games, as you don’t know what else you may be downloading.
  • Use a strong antivirus to protect against cryptojacking by detecting unsecured websites, and help detect and block most malicious software, such as cryptomining malware.
  • Always make sure Windows is updated to protect against vulnerabilities that can be used to spread cryptomining attacks.

Avast Threat Labs found Crackonosh in cracked versions of the following games: NBA 2K19, Grand Theft Auto V, Far Cry 5, The Sims 4 Seasons, Euro Truck Simulator 2, The Sims 4, Jurassic World Evolution, Fallout 4 GOTY, Call of Cthulhu, Pro Evolution Soccer 2018, and We Happy Few.

Recent stories
More stories