Pixelette Technologies

Malware Abused 200k Windows for a Fraud of $2 Million

cryptocurrency malware target windows system
Crackonosh is distributed using copies of a popular software warez

On Thursday, the researchers at Avast published a report detailing the discovery of cryptocurrency mining malware targeting Windows Safe mode and generating over 9,000 Monero coins (evaluated at around $2 million today) through the compromise of more than 222,000 Windows systems.

As Avast dubbed Crackonosh, this latest version of malware is distributed via illegal and cracked copies of popular programs, referred to as “warez”, distributed via torrent sites and forums.

Malware is spreading swiftly

Over two million unique devices in over a dozen countries have been infected by the malware since December 2020. There were 1,000 hits every day on the malware as of May. The researchers have already discovered 30 variants of the malware, the most recent one of which was published in November 2020. 

Avast security researcher Daniel Bene*, who tracks malware, has reported that the Philippines had 18,448 victims; Brazil (16,584); India (13,779); Poland (12,727); the United States (11,856); and the United Kingdom (8,946).

Crackonosh operating surreptitiously

In response to reports that Crackonosh was removing its antivirus from infected machines, the researchers started investigating the threat. Further investigation found Crackonosh was also disabling popular antivirus vendors, including Windows Defender and Windows Update, for the same reason that it was concealing its location, which was intended to allow the malware to remain undetected on infected systems.

Crackonosh will mine Monero using the infected computer’s hardware after it weakens infected hosts using XMRig, a cryptocurrency miner. More than 100,000 systems were infected by another crypto-miner called DirtyMoe earlier this month. The main difference between DirtyMoe and Blackhole was that it was essentially propagated by an SMB worm and that its developer appeared to be from China rather than Europe.

Beneš said:

“As long as people continue to download cracked software, attacks like these will continue and continue to be profitable for attackers. The key take-away from this is that you really can’t get something for nothing and when you try to steal software, odds are someone is trying to steal from you.” 

Leave a Comment

Your email address will not be published. Required fields are marked *

Recent Posts


Topic(s) Of Interest

Social Share

Share this post with your friends, if you found our content interesting.

× How can we help you?
Pixelette Technologies Lead Generation - SEO - SMM - Web Development has 4.54 out of 5 stars 52 Reviews on ProvenExpert.com