Hackers have been baiting gamers with free games which have secretly helped them mine cryptocurrency. Hidden inside the code of these games is a piece of crypto-mining malware called Crackonosh, which generates digital money once the game has been downloaded.
Crackonosh installs itself by replacing critical Windows system files and abusing the Windows Safe mode to impair system defences. This malware further protects itself by disabling the security software, operating system updates and employs other anti-analysis techniques to prevent discovery, making it difficult to detect and remove.
The malware is being hidden in the free versions of games such as Grand Theft Auto V, NBA 2K19, Far Cry 5, The Sims 4, and Jurassic World Evolution, which are available to download on torrent sites, Avast has confirmed.
Researchers at Avast say that these ‘cracked’ games have been finding their way to over 800 new computers every day and that it only where antivirus is installed, so the true number is expected to be far higher. Criminals have made more than $2m (£1.4m) with the scam.
So far, the malware has been found in more than a dozen countries, including:
- Philippines: 18,448 victims
- Brazil: 16,584 victims
- India: 13,779 victims
- Poland: 12,727 victims
- United States: 11,856 victims
- United Kingdom: 8,946 victims
"Crackonosh shows that trying to get games for free can get you something you didn't expect - malware" said Christopher Budd from Avast. "And we can see that this is highly profitable for the malware authors."
A motivation for financial gain is continuing, pushing attackers to try to profit from malicious malware. Cybersecurity firm Kaspersky had reported earlier this year that they had observed over 200,000 instances of such cryptomining malware in just the first quarter of 2021.
Detections of crypto-mining malware surged by 53% quarter-on-quarter in the final three months of 2020 as the value of Bitcoin soared, according to Avira.
"The rapid increase in coin-miner malware suggests that malware authors are taking advantage of the price trend in recent months and increasingly spreading malware that aims to exploit other people’s computer resources for illegal mining activities,” argued Alexander Vukcevic, previous director of Avira Protection Labs.
- Fake Bard AI malware: Google seeks to uncover cybercriminalsTechnology & AI
- Boeing cyberattack: Protecting assets from digital crimeCyber Security
- Radiflow to support customers in NIS2 cyber complianceCyber Security
- Trend Micro: The future of cybersecurity in manufacturingOperational Security