Free games including GTA V have infected 222,000 PCs with cryptojacking malware

midian182

Posts: 7,060   +62
Staff member
In brief: Once again, we're being reminded of the inherent dangers that come with free cracked games from forums and other sketchy sources. Malware called "Crackonosh," which installs cryptomining software on a device, has been found in 220,000 computers, a result of downloading games such as GTA V for nothing.

Security researchers at Avast write that Crackonosh, which has been around since 2018, has been found in free games given away on forums and torrent sites. They include Grand Theft Auto V, NBA 2K19, Far Cry 5, and Pro Evolution Soccer 2018.

Once infected, the malware surreptitiously installs cryptomining software that mines Monero without a user's knowledge. It's thought to have earned over $2 million for its authors, who are believed to be from the Czech Republic—Crackonosh means "mountain spirit" in Czech folklore.

Avast writes that Crackonosh installs itself by replacing critical Windows system files and abusing Windows Safe Mode to impair system defenses. It's able to avoid detection by disabling security software and operating system updates and by using other anti-analysis techniques, making discovery and removal very difficult.

Diagram of Crackonosh installation

As with all cryptojacking, users often only discover something is wrong when their system slows down, components wear out quickly, and electricity bills skyrocket.

Crackonosh has been found in more than a dozen countries, including:

  • Philippines: 18,448 victims
  • Brazil: 16,584 victims
  • India: 13,779 victims
  • Poland: 12,727 victims
  • United States: 11,856 victims
  • United Kingdom: 8,946 victims

Being even more difficult to trace than cryptos such as Bitcoin, Monero, which launched in 2014, is a digital currency popular among cybercriminals. JavaScript-based Monero miners, usually provided by Coinhive, were found to have been planted on several services a few years ago, including The Pirate Bay, Showtime, Kodi, and more. Coinhive itself, a legitimate service, closed down in 2019, though Monero cryptojacking hasn't gone away, as this discovery proves.

This is the second example this month of malware being spread in free games. A report revealed that millions of PCs had been infected using pirated games. Once compromised, the trojan stole data and even hijacked webcams to photograph users.


 

wiyosaya

Posts: 6,366   +4,675
Why does this headline say "Free games" - they are not Free, they were Pirated. It should say "Pirated games" or "Illegally downloaded games" ...
Absolutely agree. I have quite a library of legal free games that I got through giveaways from places like GOG and Ubisoft. Those are not pirated; they are free games I got legally, but they are unlikely to be Trojan horses.
 

eTheBlack

Posts: 14   +25
Why does this headline say "Free games" - they are not Free, they were Pirated / stolen. It should say "Pirated games" or "Illegally downloaded games" ... If you steal something it doesn't make it "Free".
Well, technically it's copying
 

Bamda

Posts: 270   +133
Now, this is the kind of hacking I can support. Let the hackers feed off the pirates!
 

Knot Schure

Posts: 369   +175
Pirating safely is relatively easy, they're just n00bs.
Now this ain't true.

Installing software / games from unknown sources, especially AAA games and the like, is a playground for hackers etc.

I had C&C3 for years, not knowing it was infected until my Antivirus one day updated and exposed it.

And I thought I had run every check reasonably known to man on it, before I installed it.

Get Steam, pay your one-off fee, support developers, and simply try to be a more honest person.
 

arrowflash

Posts: 459   +495
When I first saw the headline, I thought it was about free games given away by Epic Games Store.

Same here.

Now this ain't true.

Installing software / games from unknown sources, especially AAA games and the like, is a playground for hackers etc.

I had C&C3 for years, not knowing it was infected until my Antivirus one day updated and exposed it.

And I thought I had run every check reasonably known to man on it, before I installed it.

Get Steam, pay your one-off fee, support developers, and simply try to be a more honest person.

True, this is why you should only install cracked games from known, reliable sources. :D

Scene releases (with .iso files that can be checked for checksum parity) from well known reputable sites are as safe as Steam or GOG.
 

MaestroIT

Posts: 55   +47
Now this ain't true.

Installing software / games from unknown sources, especially AAA games and the like, is a playground for hackers etc.

I had C&C3 for years, not knowing it was infected until my Antivirus one day updated and exposed it.

And I thought I had run every check reasonably known to man on it, before I installed it.

Get Steam, pay your one-off fee, support developers, and simply try to be a more honest person.

Completely agree, malware these days can pass through and hide in computers in many ways, even an expert computer user can get infected if installing suspicious software from the dark net.

Cracked executables are the worst, who knows what can hide inside them.
 

scavengerspc

Posts: 1,573   +1,584
TechSpot Elite
Now this ain't true.

Installing software / games from unknown sources, especially AAA games and the like, is a playground for hackers etc.

I had C&C3 for years, not knowing it was infected until my Antivirus one day updated and exposed it.

And I thought I had run every check reasonably known to man on it, before I installed it.

Get Steam, pay your one-off fee, support developers, and simply try to be a more honest person.
Oh **** man you have done it now! ;)
 

Nobina

Posts: 3,282   +3,350
Now this ain't true.

Installing software / games from unknown sources, especially AAA games and the like, is a playground for hackers etc.

I had C&C3 for years, not knowing it was infected until my Antivirus one day updated and exposed it.

And I thought I had run every check reasonably known to man on it, before I installed it.

Get Steam, pay your one-off fee, support developers, and simply try to be a more honest person.
You seem to have no idea what you're talking about. That is exactly what I mean, people just don't know how it's done. It is highly unlikely that you had a virus for years until your AV updated and found it. The fact that you said that proves you're not versed in these kinds of things. You should absolutely stick to paying then.
 

McMurdeR

Posts: 325   +318
You seem to have no idea what you're talking about. That is exactly what I mean, people just don't know how it's done. It is highly unlikely that you had a virus for years until your AV updated and found it. The fact that you said that proves you're not versed in these kinds of things. You should absolutely stick to paying then.

We'll all believe you if you explain how to do it!
 

Knot Schure

Posts: 369   +175
You seem to have no idea what you're talking about. That is exactly what I mean, people just don't know how it's done. It is highly unlikely that you had a virus for years until your AV updated and found it. The fact that you said that proves you're not versed in these kinds of things. You should absolutely stick to paying then.
Over 20 yrs in networking / IT and communications, I therefore believe I have a very good idea what I'm talking about, thank you very much.

If you prefer - I can spoon feed you a fuller explanation, if you like;

I downloaded the game, ran it through multiple Spyware and A/V programs.

I installed said game, and used it for years, always keeping the originally downloaded ISO for new machines / installs.

Some years later, my A/V picks up on a Trojan. Surprised, I unpacked the original ISO stored on another machine, ran it through the same A/V, and sure enough, a Trojan had existed all that time.

So even if you check - not all A/V's are aware of all viruses.

As for 'knowing how to do it proper', yes I used to use Newsgroups, and those hard-to-get CDs with all manner of s/w on them. But even there - those CDs were too found to contain viruses, that we were not yet aware of.

Key gens, bad ISOs, and so on, go ahead and keep exposing yourself.

It sounds like you could well be the 'noob' here.
 

McMurdeR

Posts: 325   +318
Over 20 yrs in networking / IT and communications, I therefore believe I have a very good idea what I'm talking about, thank you very much.

If you prefer - I can spoon feed you a fuller explanation, if you like;

I downloaded the game, ran it through multiple Spyware and A/V programs.

I installed said game, and used it for years, always keeping the originally downloaded ISO for new machines / installs.

Some years later, my A/V picks up on a Trojan. Surprised, I unpacked the original ISO stored on another machine, ran it through the same A/V, and sure enough, a Trojan had existed all that time.

So even if you check - not all A/V's are aware of all viruses.

As for 'knowing how to do it proper', yes I used to use Newsgroups, and those hard-to-get CDs with all manner of s/w on them. But even there - those CDs were too found to contain viruses, that we were not yet aware of.

Key gens, bad ISOs, and so on, go ahead and keep exposing yourself.

It sounds like you could well be the 'noob' here.

Moreover, it's a risky business sharing illegal content these days, in that there are actual consequences if you get caught. If anyone's doing it on a systematic scale, then there has to be some other motivation than 'the good of the community'.
 

Nobina

Posts: 3,282   +3,350
Over 20 yrs in networking / IT and communications, I therefore believe I have a very good idea what I'm talking about, thank you very much.

If you prefer - I can spoon feed you a fuller explanation, if you like;

I downloaded the game, ran it through multiple Spyware and A/V programs.

I installed said game, and used it for years, always keeping the originally downloaded ISO for new machines / installs.

Some years later, my A/V picks up on a Trojan. Surprised, I unpacked the original ISO stored on another machine, ran it through the same A/V, and sure enough, a Trojan had existed all that time.

So even if you check - not all A/V's are aware of all viruses.

As for 'knowing how to do it proper', yes I used to use Newsgroups, and those hard-to-get CDs with all manner of s/w on them. But even there - those CDs were too found to contain viruses, that we were not yet aware of.

Key gens, bad ISOs, and so on, go ahead and keep exposing yourself.

It sounds like you could well be the 'noob' here.
OK, then that noob has a better track record of not catching viruses than you with your 20 years of networking.

We'll all believe you if you explain how to do it!
There's no one definitive way of doing it.
 

PEnnn

Posts: 635   +617
Hacked or not, mining is like herpes, the gift that keeps on giving.

The fact that Bitcoin is now 1/2 its worth from a mere 4 weeks ago shows how "stable and good" this Ponzi scam is.