According to Avast, the operator of the Crackonosh malware, who is believed to be operating from the Czech Republic, has earned more than 9,000 Monero (roughly $2 million at current exchange rates). The culprit has reportedly infected more than 222,000 Windows computers since 2018.
Typically, the attacker hides the malware in pirated and cracked copies of popular games, including Grand Theft Auto V, Far Cry 5, Fallout 4 GOTY, and so on.
Avast researchers began to study the malware after they learned that Crackonosh was able to disable and remove their antivirus from infected hosts. It soon became clear that the malware also disables many other security products and services (for example, Windows Defender and Windows Update) and uses a wide range of tactics to hinder forensic analysis and remain undetected on infected hosts.
As soon as Crackonosh infiltrates a victim's machine, it downloads and launches XMRig and starts mining cryptocurrency.
Avast says its products alone have detected more than 222,000 unique Crackonosh-infected devices, with the majority of victims living in the United States, Brazil, India, Poland and the Philippines.
“As long as people continue to download compromised software, attacks like these will continue and generate profits for the attackers. The key conclusion is that you really cannot get something for free, and when you try to steal software, there is a high probability that someone will try to steal from you,” the experts summarize.