Hackers used cracked versions of popular games to infect unsuspecting victims’ computers, research by security company Avast shows. The scheme was employed to mine cryptocurrencies for hackers.
After investigating customer complaints on missing antivirus software, Avast discovered ‘Crackonosh’ malware its creators used to mine crypto with. According to researchers, indications left on the malware suggest its author may be from Czechia.
Users got infected with the malware by downloading cracks for illegal software. Once installed, ‘Crackonosh’ disabled antivirus programs to avoid detection for prolonged periods.
According to Avast, after installation, malware tried to remove Adaware, Bitdefender, Escan, S-secure, Kasperksy, Norton, Panda, and Mcafee antivirus systems. Malicious software was also programmed to disable Windows Defender and Windows Updates.
Researchers claim that the main target of the malware was the installation of the coin miner XMRig. After collecting data from all discovered wallets, Avast claims that hackers earned at least $2 million in crypto since June 2018. Proving that while users think they've downloaded games like Grand Theft Auto V, NBA 2K19 or Pro Evolution Soccer 2018 for free, there are hidden fees to pay.
‘Crackonosh’ infected devices all over the globe with over 220,000 systems compromised. Avast discovered the most infected users in the Philippines, Brazil, India, Poland, the US, and the UK.
“As long as people continue to download cracked software, attacks like these will continue to be profitable for attackers. The key take-away from this is that you really can’t get something for nothing, and when you try to steal software, odds are someone is trying to steal from you,” Avast’s Daniel Beneš writes.
Recently published report Gaming in a Pandemic by security company Akamai indicates increased interest in gamers. Akamai claims that attacks against gamers and gaming companies have increased by 340% since 2019. Around 4% of all attacks globally were targeted at the gaming industry.
Ironically, the report claims that Discord servers, initially meant to be used by gamers, have become a popular breeding ground for targets against gamers. Mos common tactics include the use of SQL injections (SQLi), Local File Inclusions (LFI), and Cross-Site Scripting (XSS).
The report also indicates over 10 billion credential stuffing attacks in 2020 alone, with some months registering as many as 157 million attacks. Credential stuffing attacks have become so popular and frequent that millions of records cost less than $10 on the dark web.
More from CyberNews:
Subscribe to our newsletter