Over 220,000 Computers Infected by XMRig Malware Downloaded as Game Cracks

  • XMRig miners hiding inside popular game cracks are already making their distributors millions.
  • The malware disables any AV tools running on the infected computer and replaces critical system files.
  • The compromise is fairly obvious to the victim, yet infection rates remain quite stable.

Avast warns about a new wave of malware distribution that they call “Crackonosh,” which appears to come from Czech authors. The malware is reaching computers through the voluntary download of shady executables that pose as crack files for popular games.

These are tools that promise to replace the binary of a game with a “cracked” one that can trick the anti-piracy system into believing that it’s a legit copy that has been activated with a purchased key. These cracks are very popular because they allow users to play games for free, but malware actors know this and take advantage of the situation.

Source: Avast

The most common cracks that hide “Crackonosh” inside them are those that promise to deliver unlocks for the following game titles:

  • NBA 2K19
  • Grand Theft Auto V
  • Far Cry 5
  • The Sims 4 Seasons
  • Euro Truck Simulator 2
  • The Sims 4
  • Jurassic World Evolution
  • Fallout 4 GOTY
  • Call of Cthulhu
  • Pro Evolution Soccer 2018
  • We Happy Few

What these cracks do is install the XMRig coin miner, which hijacks the victim’s computer resources and mines Monero for the actors’ account. Avast’s telemetry shows that at least 222,000 devices have been infected with Crackonosh, making 9,000 XMR ($2 million) for the malware distributors. Admittedly, this is an impressive amount of money for doing almost nothing at all.

Source: Avast

The signs of infection become obvious immediately because Crackonosh installs itself by replacing critical Windows system files and abusing the OS’s Safe mode. It does that to disable any AV tools that may be running on the infected machine, including Windows Defender, which is disabled and deleted. Additionally, Windows Updates are disabled permanently, and the Windows Security icon in the tray is replaced with a green tick. If you get one of the following errors on your system after installing a cracked game, you have been infected by Crackonosh.

Source: Avast
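The symptoms listed above (Defender disabled or removed, other AV tools disabled, Windows Update switched off) can be checked from a PowerShell prompt. The script below is an added example, not Avast's tooling or part of its write-up; the function names are hypothetical, and it assumes a client edition of Windows, where the `root/SecurityCenter2` namespace exists.

```powershell
# Added example, not Avast's tooling. Read-only: it reports state and changes nothing.
# It checks the symptoms the article lists, not Crackonosh's own files.
function Get-ServiceState {
    param([Parameter(Mandatory)][string]$Name)
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$Name'" -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Name      = $Name
        Present   = [bool]$svc
        StartMode = $svc.StartMode   # Auto, Manual or Disabled
        State     = $svc.State       # Running or Stopped
    }
}

function Test-DefenseTamperSymptoms {   # hypothetical name
    $findings = [System.Collections.Generic.List[string]]::new()

    # Symptom: Windows Defender disabled and deleted
    $def = Get-ServiceState -Name 'WinDefend'
    if (-not $def.Present) { $findings.Add('WinDefend service is missing') }
    elseif ($def.StartMode -eq 'Disabled') { $findings.Add('WinDefend service is disabled') }

    try {
        $mp = Get-MpComputerStatus -ErrorAction Stop
        # Also False when a third-party AV has taken over, so confirm that case by hand
        if (-not $mp.RealTimeProtectionEnabled) { $findings.Add('Defender real-time protection is off') }
    } catch {
        $findings.Add("Get-MpComputerStatus failed: $($_.Exception.Message)")
    }

    # Symptom: other AV tools disabled. An empty result means nothing is registered.
    $av = @(Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct -ErrorAction SilentlyContinue)
    if ($av.Count -eq 0) { $findings.Add('No antivirus product is registered with Security Center') }

    # Symptom: Windows Update disabled permanently
    $wu = Get-ServiceState -Name 'wuauserv'
    if (-not $wu.Present) { $findings.Add('wuauserv (Windows Update) service is missing') }
    elseif ($wu.StartMode -eq 'Disabled') { $findings.Add('wuauserv (Windows Update) service is disabled') }

    return $findings
}

$result = @(Test-DefenseTamperSymptoms)
if ($result.Count -eq 0) { 'No tampering symptoms found.' }
else { $result | ForEach-Object { "FINDING: $_" } }
```

A finding here is a reason to work through Avast's write-up, not proof of Crackonosh: group policy or another security product can produce the same state.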

Because AVs are disabled, removing the malware requires manual intervention, deleting the files it dropped from all locations in the filesystem. Unfortunately, this is a pretty tedious process, but Avast has provided all the details in its write-up, like where to find each file, what exactly to delete, and what to reinstall.

In general, you should avoid downloading and installing game cracks from untrustworthy software sources. In almost all cases, these executables will infect your machine with something nasty. Remember, there’s no reason for anyone to create these files and share them for free with you.
