A new type of malware hidden in illegal copies of popular software deletes antivirus programs and uses the victim’s computer to mine cryptocurrency.
Known as “Crackonosh” — a name that suggests the hackers behind this malware are from the Czech Republic — the malware installs a program called XMRig, which uses computing power to mine for the privacy-focused cryptocurrency Monero.
The malware has been found in bootlegged versions of games including Grand Theft Auto V, Far Cry 5, Euro Truck Simulator 2 and The Sims 4.
Avast, an antivirus company that has investigated the vulnerability, says there is a way to remove Crackonosh — and set out detailed instructions in a recent blog. The authors added:
“Overall Crackonosh shows the risks in downloading cracked software. It also shows that it’s highly profitable for attackers. Crackonosh has been circulating since at least June 2018 and has yielded over $2 million for its authors in Monero from over 222,000 infected systems worldwide.”
The company added that, as long as people continue to download cracked software through torrents and unreliable websites, attackers will still have an incentive to produce such malware.
“The key takeaway from this is that you really can’t get something for nothing and when you try to steal software, odds are someone is trying to steal from you.”
Most of the victims of Crackonosh have been based in the Philippines — with Brazil, India, Poland, the U.S. and the U.K. other common hotspots.
Researchers warned that the installation of crypto mining software without someone’s knowledge can also have some other unpleasant consequences — slowing their computer down, wearing down the machine’s components, and even increasing the amount of money they end up spending on electricity.