Malware found in cracked versions of popular games such as NBA 2K19, Grand Theft Auto V and Far Cry 5 mines more than $2 million in Monero cryptocurrency
Hackers are using illegal copies of popular games to trick gamers into making them rich using hidden cryptomining tools, security experts have warned.
The “cracked” games also disable security tools – which is how computer security firm Avast first became aware of the virtual crime wave.
Avast said a number of customers had received warnings that the security software was missing from their systems.
This turned out to be because a cracked game had disabled it.
Coin mining
Avast said hacked versions of popular games such as NBA 2K19, Grand Theft Auto V, Far Cry 5, The Sims 4 and Jurassic World Evolution were being distributed for free on forums.
The games contain malware Avast calls “Crackonosh” – which means “mountain spirit” in Czech folklore.
Avast believes the malware may be Czech in origin.
The malware disables security tools and Windows Update, and begins running cryptomining software called XMRig, which mines the Monero cryptocurrency.
XMRig is in itself a perfectly legitimate mining tool, but hackers have built it into a variety of malware that secretly installs it on victims’ computer systems, including corporate systems.
After analyzing wallets associated with Crackonosh, Avast found that the malware has generated more than $2 million (£1.44m) in Monero since 2018.
The mining software uses all available system resources, slowing the computer’s performance and generating higher electrical bills, according to Avast researcher Daniel Benes.
Fast-spreading infection
The company has detected some 220,000 infected users, with 800 added each day.
But the figures only cover Avast users, meaning the real number of infections is likely to be much higher.
The Philippines, Brazil and India have the largest number of infections, with the US counting more than 11,000 and the UK nearly 9,000.
Avast gave instructions on how to remove Crackonosh in an advisory.
Its anti-analysis techniques make it “very difficult to detect and remove,” Benes wrote.
“Crackonosh shows the risks in downloading cracked software and demonstrates that it is highly profitable for attackers,” he wrote.
“As long as people continue to download cracked software, attacks like these will continue to be profitable for attackers.
“The key take-away from this is that you really can’t get something for nothing.”