Prague, Czech Republic, June 25, 2021 — Avast (LSE:AVST), a global leader in digital security and privacy, has reported a new Monero crypto-miner malware, Crackonosh, that has been circulating since at least June 2018 and has yielded over 2 million USD in revenue for its creators from over 222,000 infected systems worldwide.
Crackonosh searches for and disables many popular antivirus programmes as part of its anti-detection and anti-forensics tactics and also disables system updates that help keep the devices vulnerable. The malware was found to be distributed along with illegal and stolen copies of popular online games people download to avoid paying for the games, which secretly generates digital money once the game has been downloaded.
According to Avast’s discoveries, Crackonosh mostly infected users in Brazil, India, Poland, the Philippines and the United States. However, notable infection rates were also reported in Canada, France, Italy and the United Kingdom. Other affected countries included Argentina, Australia, Greece, Indonesia, Mexico, Pakistan, Portugal, South Africa, Spain, Sweden and Turkey.
When Crackonosh is installed, it automatically starts mining Monero crypto coins without the users’ knowledge. It also takes actions to protect itself, including disabling Windows Updates and uninstalling all security software. The crypto-miner programme, which then runs in the background, can significantly slow computers down, increase the users’ electricity bills and put them at risk from security threats.
Crackonosh was found in the cracked versions of the following games:
How to Avoid Crackonosh
The best way to protect against Crackonosh is to avoid it entirely by downloading games and other software only from official websites and stores. Users are also advised to be aware of illegitimate sources offering paid-for games for free and to avoid unofficial vendors.
More technical information on Crackonosh can be found on the Avast Decoded Blog.