A previously undocumented Windows malware has infected more than 222,000 systems worldwide since at least June 2018, earning its developers more than 9,000 Monero ($2 million) in illegal profits.
Dubbed "Crackonosh," the malware is distributed via illegally cracked copies of popular software. It disables the antivirus programs installed on the machine and installs a coin miner package called XMRig, which secretly exploits the infected host's resources to mine Monero.
At least 30 different versions of the malware executable were discovered between January 1, 2018 and November 23, 2020, Avast, a Czech cybersecurity software company, said on Thursday. The majority of the victims were located in the United States, Brazil, India, Poland and the Philippines.
Crackonosh covers its tracks by replacing important Windows system files such as "serviceinstaller.msi" and "maintenance.vbs". It also uses safe mode, which prevents antivirus software from working, to remove Windows Defender (and other installed solutions) and turn off automatic updates.
As part of its anti-detection and anti-forensics measures, the malware also installs its own version of "MSASCuiL.exe" (that is, Windows Defender), which puts a Windows Security icon with a green checkmark in the system tray, and it runs tests to determine whether it is running in a virtual machine.
Last December, security researcher Roberto Franceschetti disclosed that antivirus applications can be disabled by booting into safe mode and renaming their application directories before the corresponding services start in Windows.
However, Microsoft said the issue "does not meet security service standards," pointing out that the attack assumes the attacker already has administrator/root privileges, and that "malicious administrators may do far worse things to you."
The development also comes as a suspected Chinese threat actor behind the DirtyMoe and Purple Fox malware was found to have compromised approximately 100,000 Windows machines as part of an evolving cryptojacking campaign dating back to 2017.
"Crackonosh shows the risks of downloading cracked software," said Avast security researcher Daniel Benesh. "As long as people keep downloading cracked software, such attacks will continue and will continue to benefit attackers. The key point from now on is that trying to steal software really gives you nothing. Someone may be trying to steal from you."