Cyber Criminals Targeting Gamers With Monero Mining Malware

  • The “Crackonosh” malware was found hidden in cracked versions of popular games such as NBA 2K19, GTA V, and Far Cry 5.
  • Active since 2018, the malware has drained over $2 million in XMR from users and affected around 220,000 computers.
Programming code


According to research published by security firm Avast, the “Crackonosh” malware has been circulating since at least 2018 and has yielded over $2 million for its authors in Monero (XMR). Around 220,000 users have been affected by the crypto mining malware worldwide, with 800 new devices infected every day, the research showed. However, the actual number might be even higher as the company only detected malicious software on devices that have the Avast antivirus installed. 

Avast researcher Daniel Beneš told CNBC that infected users have noticed that their computers have slowed down or deteriorated through overuse. Some have also noticed their electricity bills have gotten higher than normal. 

“It takes all the resources that the computer has to the computer is unresponsive,” he explained. “Crackonosh shows the risks in downloading cracked software and demonstrates that it is highly profitable for attackers.”

Beneš also noted there were possible indications that the author or authors of the malware were Czech. The Avast research team named the malware Crackonosh, which means “mountain spirit” in Czech folklore. 

Related Coverage
CipherTrace Files Patent For Monero-Tracking Technology
  • This is the second patent filing from the blockchain analytics firm that outlines a Monero tracking technology.
  • Both applications are the result of the firm’s work with the U.S. Department of Homeland Security, which began in 2019.
November 23, 2020, 2:13 PM
The United States Patent and Trademark Office in Alexandria

The United States Patent and Trademark Office in Alexandria, VA, USA on June 30, 2018. Shutterstock

Collaboration Between Interpol, Trend Micro Tackles Crypto Mining Malware
  • In 2019 Trend Micro created a document which detailed how routers in Asia were being affected by crypto mining malware.
  • Interpol then started an operation and was able to identify the infected routers.