Hackers are targeting people with a new Monero cryptojacking malware by hiding and distributing it through popular cracked games, including Grand Theft Auto V (GTA V), NBA 2K19, and Pro Evolution Soccer 2018, according to a report by antivirus maker Avast.
For those unaware, cryptojacking malware infects computers and uses them to mine cryptocurrency, usually without the users’ knowledge. Gaming PCs are ideal targets for crypto mining these days because of their considerable computing power.
The malware in question, dubbed “Crackonosh” by researchers at Avast, seems to have originated from the Czech Republic. It infects computers through illegal and cracked copies of popular software, often found on torrent sites and forums as well as “warez” websites.
As part of its anti-detection and anti-forensics tactics, the malware disables Windows Defender and Windows updates, as well as many popular antivirus programs installed on the device. This makes it difficult for victims to remove it from their systems.
“Crackonosh protects itself by disabling security software and updates and uses other anti-analysis techniques,” researchers at Avast wrote. “These make it hard to discover, detect and remove.”
According to the researchers, Crackonosh has been in circulation since at least June 2018, and the hackers have so far made more than $2 million, or 9000 Monero (XMR), in total from infected devices.
The malware has been discovered in over a dozen countries, affecting over 222,000 unique devices since December 2020. Approximately 1,000 devices are being affected each day.
So far, 13,779 instances have been found in India, 16,584 in Brazil, 11,856 in the United States (U.S.), 8,946 in the United Kingdom (UK), 18,448 in the Philippines, and 12,727 in Poland.
In total, Avast was able to identify 30 different versions of serviceinstaller.exe, the main malware executable, from January 31, 2018 up to March 23, 2020.
“As long as people continue to download cracked software, attacks like these will continue and continue to be profitable for attackers,” Avast says. “The key take-away from this is that you really can’t get something for nothing and when you try to steal software, odds are someone is trying to steal from you.”
Earlier this month, cybersecurity firm Kaspersky said it had detected over 432,171 instances of cryptojacking scams between January and March 2021. Of these, 200,045 encounters were in the month of March alone.
“It’s too early to say for sure if the trend we’ve noted in Q1 2021 is here to stay. However, it does seem that the increase in the value of Bitcoin and other cryptocurrency has sparked a renewed interest in miners,” said Evgeny Lopatin, a security expert at Kaspersky.
“If the crypto markets remain strong this year, it’s likely we’ll continue to see more instances of users encountering miners,” he added.
Even before the boom of 2021, Japanese tech services firm NTT noted in its Global Threat Intelligence Report for 2021 that cryptojacking schemes accounted for 41% of all malware last year.
Since the cryptocurrency mining scam runs in the background without the owner’s knowledge, victims can look for signs of infection such as the computer slowing down, components wearing out from overuse of computational resources, and a higher electricity bill.