Over 220,000 Computers Infected by XMRig Malware Downloaded as Game Cracks

  • XMRig miners hiding inside popular game cracks are already making their distributors millions.
  • The malware disables any AV tools running on the infected computer and replaces critical system files.
  • The fact of the compromise is pretty ostensible, but the infection rates remain quite stable.

Avast warns about a new wave of malware distribution that they call “Crackonosh,” which appears to come from Czech authors. The malware is reaching computers through the voluntary download of shady executables that pose as crack files for popular games.

These are tools that promise to replace the binary of a game with a “cracked” one that can trick the anti-piracy system into believing that it’s a legit copy that has been activated with a purchased key. These cracks are very popular because they allow users to play games for free, but malware actors know this and take advantage of the situation.

Source: Avast

The most common cracks that hide “Crackonosh” inside them are those that promise to deliver unlocks for the following game titles:

  • NBA 2K19
  • Grand Theft Auto V
  • Far Cry 5
  • The Sims 4 Seasons
  • Euro Truck Simulator 2
  • The Sims 4
  • Jurassic World Evolution
  • Fallout 4 GOTY
  • Call of Cthulhu
  • Pro Evolution Soccer 2018
  • We Happy Few

What these cracks do is install the XMRig coin miner, which hijacks the victim’s computer resources and mines Monero for the account of the actors. Avast’s telemetry shows that at least 222,000 devices have been infected with the “Crackonosh,” making 9,000 XMR ($2 million) for the malware distributors. Admittedly, this is an impressive amount of money for doing almost nothing at all.

Source: Avast

The signs of infection are becoming obvious immediately because Crackonosh installs itself by replacing critical Windows system files and abusing the OS’s Safe mode. It does that to disable AV tools that may be running on the infected machine and Windows Defender, which is disabled and deleted. Additionally, Windows Updates are disabled permanently, and the Windows Security icon in the tray is replaced with a green tick. If you get one of the following errors on your system after installing a cracked game, you have been infected by Crackonosh.

Source: Avast

Because AVs are disabled, removing the malware requires manual intervention, deleting the files it dropped from all locations in the filesystem. Unfortunately, this is a pretty tedious process, but Avast has provided all the details in its write-up, like where to find each file, what exactly to delete, and what to reinstall.

In general, you should avoid downloading and installing game cracks from untrustworthy software sources. In almost all cases, these executables will infect your machine with something nasty. Remember, there’s no reason for anyone to create these files and share them for free with you.

How to Watch World Cup 2022 Online: Live Stream Soccer Matches for Free from Anywhere
It was the Kylian Mbappe show as France booked their place in the quarterfinals of the 2022 FIFA World Cup with a...
Monday Night Football Live Stream: How to Watch Online From Anywhere
Love the NFL? Want to catch all the action of the most exciting games but don't know how to do it? You're...
How to Watch Barmageddon Online: Stream the Blake Shelton & Carson Daly Game Show From Anywhere
This December, get ready to be entertained by the latest upcoming celebrity game show, Barmageddon. The great news is that you will...
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari