Malware Author Has Mined Over 9,000 Monero After Infecting 222,000 Windows Systems

Researchers have discovered a malware strain that spreads via pirated software and has disabled antivirus software and Windows Update on at least 222,000 computers. The compromised machines are used to mine the cryptocurrency Monero, antivirus company Avast reports in an analysis.

The Crackonosh malware is hidden in pirated, cracked versions of popular games such as Grand Theft Auto V, The Sims 4, and Euro Truck Simulator 2. When a user launches the installer, the malware is installed along with the game. The malware tracks the number of system reboots and, after a few of them, boots the system in safe mode.

When the system is booted in safe mode, the malware disables Windows Defender and Windows Update. In addition, several antivirus programs are removed, including Avast, Bitdefender, F-Secure, Kaspersky, McAfee, Norton, and Panda. To keep users from noticing, the malware places a Windows Security icon in the system tray.

The ultimate goal of the malware is to use infected systems to mine the cryptocurrency Monero. The researchers found that the malware has been active since June 2018 and has mined 9,000 Monero since then. At the time of writing, that is worth more than 1.5 million euros. "As long as people continue to download cracked software, these types of attacks will remain profitable for attackers," said researcher Daniel Benes.

Avast detected the malware on the systems of 222,000 customers. That figure covers only people using the antivirus company's software, so the actual number could be higher.
