Cryptomining malware targeting pirated game downloads

IT’S time for a periodic reminder that games piracy is generally bad*, not only for the developers and teams making the game but potentially for the people downloading illegal versions of the game too.

*There’s arguably moral grey area for old abandonware/orphaned games where there’s no practical way to work out who actually owns the copyright anymore, but that’s not what we’re talking about here.

The researchers at Avast have identified a piece of cryptomining malware named “Crackonosh”, which is targeting gamers with cryptomining malware delivered via pirated versions of popular games.

The Crackonosh cryptomining malware has infected more than 222,000 computers around the world, including more than 3700 systems in Australia/NZ

According to Avast, the malware has been circulating since at least June 2018 and has infected more than 2,800 systems in Australia and 900 in New Zealand as part of more than 222,000 global infections, netting its creators more than AUD$2.6m to date.

The researchers also note “the number could be significantly higher as this is only what Avast software has detected” and that “Avast Threat Labs data also shows that over 800 devices continue to be infected every day”.

The researchers reported finding the malware in cracked/pirated versions of the following games being distributed via torrents:

  • NBA 2K19
  • Grand Theft Auto V
  • Far Cry  5
  • The Sims 4 Seasons
  • Euro Truck Simulator 2
  • The Sims 4
  • Jurassic World Evolution
  • Fallout 4 GOTY
  • Call of Cthulhu
  • Pro Evolution Soccer 2018
  • We Happy Few
Crackonosh installs itself by replacing critical Windows system files and then disables system defences, including Windows Defender and anti-virus/anti-malware programs.

Avast Threat Labs researcher Daniel Beneš said the malware installed itself by replacing critical Windows system files and then disabled system defences including Windows Defender and anti-virus/anti-malware programs.

 “This malware further protects itself by disabling some security software, operating system updates and employs other anti-analysis techniques to prevent discovery, making it very difficult to detect and remove,” he said.

“Once installed, the malware uses your computer in the background for cryptomining, helping the cybercriminals gain cryptocurrency by using the processing power of the malware-infected computers to solve complex mathematical problems and verify cybercurrency transactions.

“Infected users may notice that their computer is overheating or slowing down substantially in how it performs very simple processing tasks, but sometimes it can be hard to detect.

“As long as people continue to download cracked software, attacks like these will continue to be profitable for attackers. The key take-away from this is that you really can’t get something for nothing and when you try to steal software, odds are someone is trying to steal from you.”

The advice on how to avoid malware threats like Crackonosh is threefold:

  • Don’t download/torrent pirated video games
  • Make sure you’re running a robust anti-virus/anti-malware program
  • Keep Windows up to date

If you’re of a technical/IT bent, the Avast Threat Labs piece on Crackonosh has comprehensive details of the threat, how it works, how to recognize it, and how to remove it: https://decoded.avast.io/danielbenes/crackonosh-a-new-malware-distributed-in-cracked-software/

More like this
Season 2 of MTG Arena ANZ Champs Begins This Month