Posted on June 27, 2021 at 5:16 PM
Cybercriminals have developed a new way of stealing from those using free gaming software from torrent sites. The threat actors target individuals with mining malware called ‘Crackonosh’ to accumulate wealth from cryptocurrencies.
A report published by Avast, a security firm, revealed these details, stating that free versions of gaming software such as Grand Theft Auto V, NBA 2K19, The Sims 4, Far Cry 5 and Jurassic World Evolution had been affected by the malware.
How it works
Avast also published a detailed account of how the malware works. According to the report, once the malware has been installed, it gains access to the computer’s processing power. Hackers tap into this power to mine cryptocurrencies.
At the time of publication, Avast stated that the hackers had used the malware to mine around $2 million worth of Monero crypto. Hackers have been using this malware to mine Monero since June 2018, with most of their attacks going undetected.
A researcher from Avast also stated that the affected computers slowed down, and their performance deteriorated with time. Furthermore, the affected computers consumed high amounts of power, causing an increase in electricity bills. According to the research, “It takes all the resources that the computer has so the computer is unresponsive.”
The publication also noted that the hackers behind the malware had taken several steps to avoid detection. Some of these steps include disabling the Windows update function and uninstalling the antivirus installed on the user’s computer.
Avast commenced its research into the malware when users reported that the Avast software was missing from their devices. A user posted an example of this attack on Reddit, claiming that the Avast software had disappeared from their systems. The security firm later investigated the matter and other similar matters, which was when it discovered the attack.
It is reported that Crackonosh has affected around 220,000 users globally, and Avast fears that the number could be even higher. The research further indicates that 800 computers are affected each day. This number is suspected to be even higher because the metrics only covered devices that had installed the Avast antivirus software.
The report indicates that the most heavily affected users are in Brazil, India, the Philippines, and the US. However, users from other countries may have also been affected by the malware.
The origin of the malware has not been identified. However, there is a high chance that the threat actors may be operating from the Czech Republic because of the name Crackonosh. The name comes from Czech folklore, where it means a mountain spirit.
The report further indicates that the malware has proven highly profitable, and hence more threat actors may join in and attack more devices. Moreover, the threat posed by the malware shows the high risk that comes with downloading cracked software.
According to Daniel Benes, a researcher with Avast, “As long as people continue to download cracked software, attacks like these will continue to be profitable for attackers.” He added that “The key take-away from this is that you really can’t get something for nothing, and when you try to steal software, odds are someone is trying to steal from you.”
High Level of Persistence
It is not the first time that threat actors have looked into gaming software to launch their attacks. Cisco Talos, a security research firm, previously discovered malware within gaming software. The research uncovered cheat software in multiple games. Moreover, a hacking campaign was launched earlier this month that targeted gamers on the Steam platform.
The pandemic has increased the number of cyberattacks targeting gamers. A report by Akamai Security revealed that cyberattacks on gaming systems had increased by 340% since the pandemic started. This resulted from people downloading games after lockdowns and movement restrictions were imposed.
Steve Ragan, a researcher with Akamai Security, stated that “Criminals are relentless, and we have the data to show it.” This shows that gamers and internet users, in general, need to remain vigilant.
According to Ragan, “We’re observing a remarkable persistence in video game industry defences being tested on a daily — and often hourly — basis by criminals probing for vulnerabilities through which to breach servers and expose information. We’re also seeing numerous group chats forming on popular social networks that are dedicated to sharing attack techniques and best practices.”
Other security firms are yet to reveal if the Crackonosh software has been detected in their users’ systems. However, we expect the same to be reported, given that the sophistication used in this attack shows their vigilance.