Hackers target gamers’ PCs with malware for crypto millions

The “Crackonosh” - titled malware is being hidden in the free versions of games including NBA 2K19, Grand Theft Auto V, Far Cry 5, The Sims 4 and Jurassic World Evolution, which are available to download on torrent sites, Avast has confirmed.

Once installed, the malware uses the computer’s processing power to mine cryptocurrencies for the hackers. It has been used to generate $2 million worth of a cryptocurrency known as monero since at least June 2018, Avast added. The signs of infection include computers slowing down or deteriorating through overuse and rising electricity bills.

The company’s researchers say in the region of 220,000 users have been infected worldwide, with about 800 devices being infected daily. However, Avast only detects any malicious software on devices which have its antivirus software, meaning the numbers could be significantly higher. So far India and the Philippines are the worst affected countries, while the US has also seen many cases.

Researchers explained that Crackonosh protects itself once installed by disabling Windows Updates and uninstalling security software, among other steps. Avast believes the author of the malware may be Czech, because Crackonosh means ‘mountain spirit’ in Czech folklore. It was discovered after its customers reported the firm’s antivirus was missing from their systems.

Cyber hackers targeting gamers is not a new thing

This is not the first time malware has impacted games. Researchers at Cisco-Talos discovered it inside cheat software for multiple games in March. A new hacking campaign also targeted gamers via the Steam platform earlier this month. A report last week from Akamai Security reported a surge of 340% in cyber attacks during the pandemic.

Steve Ragan, an Akamai security researcher and author of the State of the Internet Security report, said there was a remarkable persistence in video game industry defences being tested on a daily and often hourly basis by cyber criminals probing for vulnerabilities. He added there were also numerous group chats forming on popular social networks dedicated to sharing attack techniques and best practices.