Hackers Sneak Malware Onto Gamer's PCs

Torrent downloads hide executable for farming cryptocurrency

Since at least 2018, hackers have been sneaking malware dubbed "Crackonosh" into torrent downloads of popular video games in order to use gamers' PCs to farm Moreno cryptocurrency.

Security firm Avast has reported that torrent downloads of popular PC games such as NBA 2K19, GTA V, and Far Cry 5 are being used to install "mining malware" on gamers' PCs. The malware, which Avast refers to as "Crackonosh," takes advantage of Windows Safe mode to skirt around antivirus software. It then disables system security features in order to make itself more difficult to detect or remove.

Boy with headphones playing on his computer

La Bicicleta Vermella / Getty Images

One major red flag to look out for is your PC unexpectedly restarting in Safe Mode, which Avast notes could take several restarts after installing the infected downloads. Most security programs don't activate when the system boots up in Safe Mode, which allows the malware to finish installing itself.

Part of this process includes searching for and deleting antivirus programs such as Adaware, Norton, and McAfee.

If you believe Crackonosh may have been installed on your computer, you can take a look at Avast's Indicators of Compromise (IoCs) document to see if anything matches up. You also can find detailed instructions on removing the malware from your system in Avast's report.

A list of infected installers


Avast cautions against downloading and installing cracked software, stating, "The key take-away from this is that you really can’t get something for nothing and when you try to steal software, odds are someone is trying to steal from you."

It is theorized that Crackonosh has been in circulation since at least 2018, using over 222,000 infected PCs to mine over $2 million in Moreno cryptocurrency worldwide.

Was this page helpful?