Researchers from Avast say the “Crackonosh” malware has been living in the 222,000 computers worldwide, which have installed the cracked version of the games from Torrent. Some of them are “Grand Theft Auto V” and “NBA 2k19.”
Crackonosh is distributed along with illegal, cracked copies of popular software and searches for and disables many popular antivirus programs as part of its anti-detection and anti-forensics tactics.
The most important goal of Crackonosh was the installation of the coin miner XMRig. The pool sites showed payments of 9000 XMR in total, which is over $2,000,000 USD.
“The cryptocurrency-hacking software is the reason behind the big scam. Like any other digital currencies, Monero is a target of cybercriminals who want to access accounts and take away the money from the owners”, according to a report from security firm Avast.
How Crackonosh Malware Works?
Crackonosh malware works by replacing critical Windows system files such as serviceinstaller.msi and maintenance.vbs to cover its tracks and abuses the safe mode, which prevents antivirus software from working, to delete Windows Defender and other installed solutions and turn off automatic updates.
The malware also installs its version of “MSASCuiL.exe” (i.e., Windows Defender), which puts the icon of Windows Security with a green tick to the system tray and runs tests to decide if it’s running in a virtual machine.
Researchers from Avast say the malware takes specific actions to hide from possible power users who use tools that could disclose its presence. It uses Windows-like names and descriptions like winlogui.exe which is the Windows Logon GUI Application.
Highly Profitable For Attackers
On the whole, Crackonosh shows the risks in downloading cracked software and demonstrates that it is highly profitable for attackers. Crackonosh has been circulating since at least June 2018 and has yielded over $2,000,000 USD for its authors in Monero from over 222,000 infected systems worldwide.
Therefore, the installation of crypto mining software without someone’s knowledge can also have some other consequences warns the researcher. The impact may include slowing their computer down, wearing down the machine’s components, and even increasing the amount of money spending on electricity.
Avast advises those who are downloading illegal game versions to be more careful with the malware scheme. Avast security researcher Daniel Benes mention “Crackonosh shows the risks in downloading cracked software. As long as people continue to download cracked software, attacks like these will continue and continue to be profitable for attackers. The key take-away from this is that you really can’t get something for nothing and when you try to steal software, odds are someone is trying to steal from you.”