Crackonosh Malware Bypasses Antivirus Software And Enslaves PCs To Mine Cryptocurrency

As the saying goes, crime never pays, and neither does pirating software, as some people on the internet have come to find out. Over the last year, there have been reports of popular antivirus programs, like Avast, disappearing from users’ computers. Researchers at the Czech company found that this activity was tied to new malware called “Crackonosh,” which comes bundled with illegally downloaded copies of popular software.

Among many other people, Reddit user /u/Well-oh-well reported that a new Windows 10 laptop booted with an error, restarted, and then came back as normal. After that, however, the “Avast Antivirus shortcut icon was blank and sure enough the avast folder in my programs folder was totally empty.” The only risk factors this Reddit user could think of were “a few PC games [they] downloaded via torrent,” or their stepdaughter downloading Google Docs. Unfortunately, one of those poses more risk than the other, and the case was interesting enough that Avast decided to investigate.

After some research, “Crackonosh” was found and subsequently named due to “some possible indications that the malware author may be Czech.” The Avast team also found that this malware “is distributed along with illegal, cracked copies of popular software and searches for and disables many popular antivirus programs as part of its anti-detection and anti-forensics tactics.” Interestingly, the list of infected illegal installers that Avast created is primarily pirated games, with titles like Grand Theft Auto V, Far Cry 5, NBA 2K19, and others.

Installing any of these pirated games kicks off Crackonosh’s installation process. The chain reaction sets up a script that boots Windows into safe mode to disable Windows Defender and all other installed antivirus software. The malware can then update itself freely and start a cryptocurrency miner, which has seemingly mined 9000 XMR, equivalent to more than $2,000,000, across all infected devices.

Crackonosh Malware Installation Process

To eliminate Crackonosh, users must re-enable and reinstall antivirus products like Windows Defender and then remove the files listed on Avast’s website. However, if people were not pirating software initially, there would not be an issue now. In any case, do you think this is a comeuppance for people doing illegal things, or is it no good all around? Let us know in the comments below.
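
A read-only triage script for the symptoms described above (a forced safe-mode boot, antivirus files gone, Defender disabled), added here as an example and not taken from Avast or the original article. It assumes an elevated PowerShell session on a Windows 10/11 client, and it reports suspicious state only; it does not identify Crackonosh itself, whose file list is on Avast’s website.

```powershell
# Added example, not Avast's tooling. Read-only: nothing on the host is changed.
$findings = @()

# 1. A safe-mode boot can be forced with a 'safeboot' element in the boot entry.
#    Assumption: the article does not say which mechanism the malware uses.
$bcd = & bcdedit.exe /enum '{current}' 2>$null
if ($bcd -match '^\s*safeboot\s') {
    $findings += 'Current boot entry has a safeboot element set'
}

# 2. Antivirus products still registered with Windows Security Center whose
#    executable no longer exists (the "empty Avast folder" symptom).
#    The SecurityCenter2 namespace exists on client editions of Windows only.
$products = Get-CimInstance -Namespace 'root/SecurityCenter2' `
    -ClassName AntiVirusProduct -ErrorAction SilentlyContinue
foreach ($p in $products) {
    $exe = [Environment]::ExpandEnvironmentVariables([string]$p.pathToSignedProductExe)
    # Some products register a URI (e.g. windowsdefender://) instead of a file path.
    if ($exe -match '^[A-Za-z]:\\' -and -not (Test-Path -LiteralPath $exe)) {
        $findings += "Registered AV '$($p.displayName)' is missing on disk: $exe"
    }
}

# 3. Microsoft Defender service and protection state. Defender normally goes
#    passive when a third-party AV is active, so read this together with check 2.
$svc = Get-Service -Name WinDefend -ErrorAction SilentlyContinue
if (-not $svc) {
    $findings += 'WinDefend service is not present'
} elseif ($svc.Status -ne 'Running') {
    $findings += "WinDefend service status: $($svc.Status)"
}
$mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
if ($mp -and -not $mp.RealTimeProtectionEnabled) {
    $findings += 'Defender real-time protection is off'
}

if ($findings) {
    $findings | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output 'No safeboot flag, missing AV binaries or disabled Defender found.'
}
```

A registered antivirus product with no executable on disk, combined with Defender being off, is the combination that matches the Reddit report quoted earlier.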