Avast warns of Crackonosh, over 220,000 systems infected


Samriddha Saha


Jun, 28.2021

According to Avast, a crypto miner named Crackonosh hides in some cracked games, who digs for Monero coins on infected systems. So far, more than 220,000 systems have allegedly been infected. According to the security company Avast, several cracked games are infected with a crypto miner that is digging for a cryptocurrency in the background. The company became aware of the malware through a Reddit post that was now nine months old: After a user had downloaded and installed the corresponding software, his anti-virus system was removed.

Crackonosh digs for Monero coins
This is said to have been caused by malware called "Crackonosh", the name chosen by Avast. The name is the Czech version of the mountain spirit Rübezahl and thus an indication of the suspected place of origin of the malware: Crackonosh probably comes from the Czech Republic. 


So far, the malware has only been detected in cracked games. If an infected program is installed, the anti-virus system is uninstalled and the Windows updates are deactivated. Then the malware starts to mine the computer for the cryptocurrency Monero and to transfer the calculated coins. According to Avast, Crackonosh has been around for at least three years: The first indications of the malware are from June 2018. In the meantime, over 220,000 systems are said to have been infected and around two million US dollars to have been exploited. Users from the USA, Brazil, India, the Philippines, and Poland are apparently mainly affected. But so far the company has also been able to identify 1,799 infected systems in Germany.

So far, the malware has been found in more than a dozen cracked games including:
Pro Evolution Soccer 2018
Grand Theft Auto V.
Fallout 4 GOTY
Far Cry 5
The Sims 4
The Sims 4 Seasons
Euro Truck Simulator 2
Jurassic World Evolution
Call of Cthulhu
We Happy Few