How hackers are secretly mining crypto by infecting games

Share
Hackers are using illegal copies of popular games to trick gamers into making them rich using hidden cryptomining tools, security experts have warned

Hackers have been baiting gamers with free games which have secretly helped them mine cryptocurrency. Hidden inside the code of these games is a piece of crypto-mining malware called Crackonosh, which generates digital money once the game has been downloaded.

Crackonosh installs itself by replacing critical Windows system files and abusing the Windows Safe mode to impair system defences. This malware further protects itself by disabling the security software, operating system updates and employs other anti-analysis techniques to prevent discovery, making it difficult to detect and remove. 

The malware is being hidden in the free versions of games such as Grand Theft Auto V, NBA 2K19, Far Cry 5, The Sims 4, and Jurassic World Evolution, which are available to download on torrent sites, Avast has confirmed. 

Researchers at Avast say that these ‘cracked’ games have been finding their way to over 800 new computers every day and that it only where antivirus is installed, so the true number is expected to be far higher. Criminals have made more than $2m (£1.4m) with the scam.

So far, the malware has been found in more than a dozen countries, including:

  • Philippines: 18,448 victims
  • Brazil: 16,584 victims
  • India: 13,779 victims
  • Poland: 12,727 victims
  • United States: 11,856 victims
  • United Kingdom: 8,946 victims

"Crackonosh shows that trying to get games for free can get you something you didn't expect - malware" said Christopher Budd from Avast. "And we can see that this is highly profitable for the malware authors." 

 

Cryptomining malware

 

A motivation for financial gain is continuing, pushing attackers to try to profit from malicious malware. Cybersecurity firm Kaspersky had reported earlier this year that they had observed over 200,000 instances of such cryptomining malware in just the first quarter of 2021.

Detections of crypto-mining malware surged by 53% quarter-on-quarter in the final three months of 2020 as the value of Bitcoin soared, according to Avira.

"The rapid increase in coin-miner malware suggests that malware authors are taking advantage of the price trend in recent months and increasingly spreading malware that aims to exploit other people’s computer resources for illegal mining activities,” argued Alexander Vukcevic, previous director of Avira Protection Labs.

Share

Featured Articles

How The UK’s AI Plan Will Impact The Cybersecurity Sector

The UK’s £14bn AI investment requires enhanced cybersecurity measures as Kyndryl and Vantage Data Centres prepare for infrastructure expansion

Darktrace to Acquire Cado Security in Cloud Defence Push

AI cybersecurity firm Darktrace expands its cloud investigation capabilities through purchase of Cado Security, following recent acquisition by Thoma Bravo

Sophos MDR Reports 37% Customer Growth in Cybersecurity Push

Managed detection service now protects 26,000 organisations as demand rises for round-the-clock threat monitoring and incident response capabilities

Netskope Data Shows Phishing Success Rate Tripled in 2024

Cyber Security

CrowdStrike Field CTO Warns of Identity-Based Attacks Shift

Cyber Security

Gartner: How to Align Risk Management and Governance in 2025

Operational Security