Crackonosh, the malware that attacks gamers

June
29, 2021

2 min read

If you are a gamer , you should be careful of the “pirate” versions of your favorite video games. The cybersecurity company Avast published an investigation carried out by its Threat Laboratory on the discovery of a new malware called Crackonosh that hides in “cracked” games.

It is a malicious crypto mining program that takes its name from Czech folklore meaning “mountain spirit” and has been circulating since at least June 2018.

According to the investigation, this malware has already generated its authors more than two million dollars in the Monero cryptocurrency, coming from more than 222 thousand infected systems around the world. Avast even warns that in Mexico Crackonosh has already infected 2,200 systems.

The majority of users infected with Crackonosh are from Brazil, the United States, India, the Philippines and Poland, with an average of between 12 and 19 thousand infected systems per country.

^{Countries affected by Crackonosh / Image: Avast}

Crackonosh spreads by getting into “cracked” versions of popular online games. Cracked versions are pirated copies of games that people download to avoid paying for the original versions.

Malware has been found in cracked versions of these games:

• NBA 2K19
• Grand theft auto v
• Far cry 5
• The Sims 4 Seasons
• Euro Truck Simulator 2
• The sims 4
• Jurassic World Evolution
• Fallout 4 GOTY
• Call of Cthulhu
• Pro Evolution Soccer 2018
• We Happy Few

When Crackonosh is installed, it looks for a way to protect itself, so it replaces critical files on the Windows system and uninstalls some security programs such as Adaware, Bitdefender, Escan, F-secure, Kaspersky, Mcafee (scanner), Norton and Panda.

“Crackonosh is very profitable for attackers and warns of the risks of downloading cracked software. As long as people continue to download cracked software, these types of attacks will continue to be profitable for their authors,” says Daniel Beneš, malware researcher at Avast.