In brief: Once again, we're being reminded of the inherent dangers that come with free cracked games from forums and other sketchy sources. Malware called "Crackonosh," which installs cryptomining software on a device, has been found on 220,000 computers, the result of users downloading games such as GTA V for nothing.

Security researchers at Avast write that Crackonosh, which has been around since 2018, has been found in free games given away on forums and torrent sites. They include Grand Theft Auto V, NBA 2K19, Far Cry 5, and Pro Evolution Soccer 2018.

Once a machine is infected, the malware surreptitiously installs cryptomining software that mines Monero without the user's knowledge. It's thought to have earned over $2 million for its authors, who are believed to be from the Czech Republic (Crackonosh means "mountain spirit" in Czech folklore).

Avast writes that Crackonosh installs itself by replacing critical Windows system files and abusing Windows Safe Mode to impair system defenses. It's able to avoid detection by disabling security software and operating system updates and by using other anti-analysis techniques, making discovery and removal very difficult.

Diagram of Crackonosh installation

As with all cryptojacking, users often only discover something is wrong when their system slows down, components wear out quickly, and electricity bills skyrocket.

Crackonosh has been found in more than a dozen countries, including:

  • Philippines: 18,448 victims
  • Brazil: 16,584 victims
  • India: 13,779 victims
  • Poland: 12,727 victims
  • United States: 11,856 victims
  • United Kingdom: 8,946 victims

Monero, which launched in 2014, is a digital currency popular among cybercriminals because it is even more difficult to trace than cryptocurrencies such as Bitcoin. JavaScript-based Monero miners, usually provided by Coinhive, were found to have been planted on several services a few years ago, including The Pirate Bay, Showtime, Kodi, and more. Coinhive itself, a legitimate service, closed down in 2019, though Monero cryptojacking hasn't gone away, as this discovery proves.

This is the second example this month of malware being spread in free games. A report revealed that millions of PCs had been infected using pirated games. Once a PC was compromised, the trojan stole data and even hijacked webcams to photograph users.