These cracked games infect your PC with malware that's damn hard to remove

Downloading and installing pirated PC games can turn off antivirus software, stop Windows security updates, and hijack your beloved GPU to mine cryptocurrency.

So warns a new report from antivirus firm Avast, which says a new strain of coin-mining malware called "Crackonosh" has infected more than 200,000 Windows PCs since 2018, bringing the bad guys behind it nearly $2 million in Monero cryptocurrency.

"Crackonosh is distributed along with illegally cracked copies of popular software and searches for and disables many common antivirus programs as part of anti-detection and forensic measures," Avast researcher Daniel Benes wrote.

Infected downloads carrying Crackonosh include "cracked" installers of Fallout 4 Game of the Year Edition, Far Cry 5, Grand Theft Auto V, NBA 2K19, Pro Evolution Soccer 2018, The Sims 4 and The Sims 4 Seasons.

If the anecdotal reports cited by Avast are any indication, the cracked games played fine, with only invisible threats added.

Once the cracked game was installed, the malware modified the Windows registry and installed files with names such as winrmsrv.exe, winscomrssrv.dll and winlogui.exe, chosen to look like normal Windows services (the last of these performs the coin mining).

Many cryptocurrency miners, also known as "cryptojackers," do not do much damage to infected machines. They just want to "borrow" CPU and GPU cycles to generate coins. Crackonosh, however, is different.

Antivirus software, even Windows' own Microsoft Defender Antivirus (aka Windows Defender), does not run in safe mode, so Crackonosh gets an opportunity to attack if the PC is started in safe mode.

It disables Microsoft Defender and removes Avast, Bitdefender, F-Secure, Kaspersky, McAfee, Norton, or Panda antivirus software if present. It then further tweaks the registry and disables Windows security updates.

With those defenses out of the way, the malware deploys the XMRig miner, ready to hijack your CPU and GPU cycles and generate Monero.

If your machine is suddenly infected with a large amount of malware, your antivirus software is nowhere to be found, and you have not received any Windows updates in months, Crackonosh may be lurking. Getting rid of this malware is not easy; Avast's report provides a complete how-to, but it is quite technical and is best left to someone who knows the intricacies of the Windows registry.
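A quick first check for the file names mentioned earlier in this article, as an added example (not taken from Avast's report or its removal guide): this Python sketch walks a folder you choose and records the path, size and SHA-256 of any file named winrmsrv.exe, winscomrssrv.dll or winlogui.exe. The scan root and the helper names are assumptions, and a name match is only a lead to investigate, not proof of infection.

```python
import hashlib
import os
import tempfile

# File names the article attributes to Crackonosh. Compared in lower case,
# because Windows file systems ignore case.
SUSPECT_NAMES = {"winrmsrv.exe", "winscomrssrv.dll", "winlogui.exe"}


def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large binaries do not exhaust memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def sweep(root):
    """Return one record per file under root whose name is in SUSPECT_NAMES."""
    hits = []
    # onerror skips unreadable directories instead of aborting the sweep.
    for folder, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            if name.lower() not in SUSPECT_NAMES:
                continue
            path = os.path.join(folder, name)
            try:
                record = {"path": path, "size": os.path.getsize(path),
                          "sha256": sha256_of(path)}
            except OSError as err:  # locked or access-denied: still report it
                record = {"path": path, "size": None, "sha256": None,
                          "error": str(err)}
            hits.append(record)
    return sorted(hits, key=lambda r: r["path"].lower())


def demo():
    """Constructed sample tree: two planted names (one upper-case), one benign."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "sub"))
        for rel in ("WINLOGUI.EXE", os.path.join("sub", "winrmsrv.exe"), "notepad.exe"):
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(b"constructed sample, not malware")
        return [(os.path.basename(h["path"]), h["sha256"]) for h in sweep(root)]


if __name__ == "__main__":
    for name, digest in demo():
        print(name, digest)
```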

It is best to avoid infection altogether by not installing cracked software. If you must install the software, scan each software installer with antivirus software before running it. Simply right-click on the installer in the download folder and select "scan" with your preferred antivirus software from the pop-out menu.

"As long as people continue to download cracked software, these attacks will continue to be profitable for the attackers.

"And that means that when you try to steal software, there's a good chance someone else is trying to steal from you."