Crackonosh virus extracted $2 million worth of Monero from 222,000 hacked computers



A previously undocumented Windows malware has infected more than 222,000 systems worldwide since at least June 2018, earning its developers more than 9,000 Monero ($2 million) in illegal profits.

Dubbed “Crackonosh,” the malware is distributed via illegally cracked copies of popular software. Once on a machine, it disables the installed antivirus programs and installs a miner package called XMRig, which secretly exploits the infected host's resources to mine Monero.

Between January 1, 2018 and November 23, 2020, at least 30 different versions of the malware executable were discovered, Czech cybersecurity software company Avast said on Thursday. The majority of the victims resided in the United States, Brazil, India, Poland and the Philippines.

Crackonosh covers its tracks by replacing important Windows system files such as “serviceinstaller.msi” and “maintenance.vbs”. It uses safe mode, which prevents antivirus software from working, to remove Windows Defender (and other installed solutions) and turn off automatic updates.


As part of its anti-detection and anti-forensics measures, the malware has its own version of “MSASCuiL.exe” (that is, Windows Defender), which places a Windows Security icon with a green check mark in the system tray, and it runs tests to determine whether it is running in a virtual machine.
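A defender-side triage for the tampering described above, given as an added example that is not from Avast or the original article: it checks every copy of MSASCuiL.exe for a valid Microsoft signature and reports the state of the Windows Defender and Windows Update services. The search roots are assumptions; `WinDefend` and `wuauserv` are the stock Windows service names.

```powershell
# Added example (not from the article). Flags are prompts for review, not verdicts.
# Assumption: these search roots are illustrative; widen or narrow them as needed.
$roots = @($env:ProgramFiles, $env:ProgramData, $env:SystemRoot) | Where-Object { $_ }

function Test-TrayBinary {
    param([Parameter(Mandatory)][string]$Path)
    # A replaced tray binary should fail signature validation or lack a Microsoft signer.
    $sig    = Get-AuthenticodeSignature -FilePath $Path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    [pscustomobject]@{
        Check      = 'MSASCuiL.exe signature'
        Target     = $Path
        Detail     = "$($sig.Status); $signer"
        Suspicious = ($sig.Status -ne 'Valid') -or ($signer -notmatch 'O=Microsoft Corporation')
    }
}

function Test-ServiceState {
    param([Parameter(Mandatory)][string]$Name, [Parameter(Mandatory)][string]$Label)
    # A missing or disabled service matches the "remove Defender / turn off updates" behaviour.
    $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Check      = $Label
        Target     = $Name
        Detail     = if ($svc) { "$($svc.Status), start type $($svc.StartType)" } else { 'service not present' }
        Suspicious = (-not $svc) -or ($svc.StartType -eq 'Disabled')
    }
}

# Collect every on-disk copy plus the image path of any running instance.
$paths  = @(Get-ChildItem -Path $roots -Filter 'MSASCuiL.exe' -Recurse -File -ErrorAction SilentlyContinue |
            ForEach-Object { $_.FullName })
$paths += @(Get-Process -Name 'MSASCuiL' -ErrorAction SilentlyContinue |
            Where-Object { $_.Path } | ForEach-Object { $_.Path })

$results = @()
foreach ($p in ($paths | Sort-Object -Unique)) { $results += Test-TrayBinary -Path $p }
$results += Test-ServiceState -Name 'WinDefend' -Label 'Windows Defender service'
$results += Test-ServiceState -Name 'wuauserv'  -Label 'Windows Update service'

$results | Format-Table -AutoSize -Wrap
```

Run it from an elevated PowerShell prompt so protected directories and process paths are readable; a disabled update service can also be legitimate policy, so confirm against the host's baseline.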

Last December, security researcher Roberto Franceschetti disclosed that antivirus applications could be disabled by booting into safe mode and renaming their application directories before the corresponding services start in Windows.


However, Microsoft said the problem “does not meet security service standards,” pointing out that the attack assumes administrator/root privileges, and that “malicious administrators can do much worse.”


The development also comes as suspected Chinese threat actors behind the DirtyMoe and Purple Fox malware were found to have compromised approximately 100,000 Windows machines as part of an evolving cryptojacking campaign dating back to 2017.

“Crackonosh shows the risks of downloading pirated software,” said Daniel Benesh, security researcher at Avast. “As long as people continue to download pirated software, such attacks will continue and continue to benefit attackers. The key point from now on is that trying to steal software really doesn’t get you anything. No. Maybe someone is trying to steal from you.”
