Crackonosh: A dangerous malware in pirated games and software

Crackonosh

The creation of malware has been a constant on the Internet for many years and every year new variants are found that seek to deceive users in the most sophisticated ways. Now, the latest one to gain popularity is called Crackonosh and it has already caused serious complications in hundreds of thousands of computers around the world.

In recent days, an Avast report has given details about Crackonosh , a malware that has been in existence since 2018 but that has spread in recent months with more than 30 variants and that is reached through unlicensed and cracked software, being pirate video games one of the most common examples.

How Crackonosh works

Avast Crackonosh

Chart of countries with the highest number of infected computers

The download of corrupt files cause Crackonosh to attack around 1000 devices per day and more than 222,000 computers around the world have already been affected.

Pirated video games have been the most chosen form for this malware , traces of it being found in installers of titles such as Fallout 4 Game of the Year edition, Far Cry 5, Grand Theft Auto V, NBA 2K19, Pro Evolution Soccer 2018, The Sims 4 and more. Because the game installs correctly, no one notices that malicious software has also been added.

Basically the operation of Crackonosh is based on the user’s belief that they are executing a file corresponding to a cracked version of legitimate software. Subsequently, an installer and a script that modifies the Windows registry make it easier for the main executable of the malware to run in safe mode .

In this way, the infected system will start the next time in safe mode and thus the antivirus that is installed will not work. With this, the malware is able to deactivate and remove Windows Defender from the computer as well as search for software records of popular companies such as Avast, Kaspersky, McAfee, Norton and Bitdefender, and also try to deactivate or eliminate them.

It will not be easy for the user to find details about the presence of Crackonosh in the system since the Windows registry files are deleted , at the same time that they try to disable Windows Update and replace Windows Security with a false green icon in the tray.

The final and most important step is the installation of XMRig, a cryptocurrency miner that uses system resources to mine the Monero (XMR) cryptocurrency . It is believed that so far those responsible have already generated more than two million dollars in profit using this method.

Tech Week