Cryptojacking is a growing problem and gamers are particularly being targeted by malware that uses their computers to mine for cryptocurrency, according to recent research published by security firm Avast. According to the research, cyber criminals have been targeting gamers with ‘Crackonosh’, a crypojacking malware. Crackonosh was installed into the gamers’ system while free versions of games like NBA 2K19, Grand Theft Auto V, Far Cry 5, The Sims 4, and Jurassic World Evolution were downloaded from unreliable sources like torrents.
In June this year, a team at G Data Software discovered a hacking campaign that was targeted at gamers using Steam. Researchers at Cisco-Talos found out malware inside cheat software of multiple games. And Akamai Security Research recently reported a 340 percent surge in the number of cyberattacks on gamers during the coronavirus pandemic.
Gadgets 360 caught up with Daniel Benes, a malware researcher with Avast and the author of the report on crypojacking to find out more about the threat, why gamers are being targeted, and how to keep our devices safe from the attack. Here are Benes’ responses, edited slightly for brevity.
What is cryptojacking? How does it get installed into a user’s system?
In cryptojacking malware, the attacker uses the resources of the infected machine to mine cryptocurrency. This malware became popular with the first wave of cryptocurrency and the Bitcoin boom around 2018. Since then, a lot of different tactics have been used (by the hackers) to infect personal computers. DirtyMoe (a Windows botnet) using known system vulnerabilities is an example of this.
How did the team at Avast discover the recent threat caused by the Crackonosh malware?
We started our research after we discovered a post on Reddit about a missing Avast folder from a user’s system. We looked into this issue and found a new malware that we’re calling ‘Crackonosh’.
How did the name ‘Crackonosh’ come about?
The name Crackonosh is a combination of words – Krakonoš, a fairy-tale character and spirit/protector of Czech Giant Mountains, and Crack, from cracked software. The other interpretation of the word in Czech language means the one who brings (-noš) cracked software (Crack).
Once installed, is the presence of the malware easily detectable? How can a user detect if his system is infected by a cryptojacking malware?
Crackonosh does a great job in hiding itself on computers, but it has the same flaw as other cryptojacking malwares. An infected computer becomes slower, unresponsive, and the fans get noisier due to all the heat produced by mining on the devices. Users can also have problems with short battery life and higher power consumption.
Why do you think Crackonosh malware is particularly targeting gamers?
Piracy of computer games is large enough that it pays for attackers to crack the game or pack the cracked games with Crackonosh, as we can see in our numbers. People who download cracked games are certainly not concerned about their security as (compared to) other PC users.
Are there any other user groups who are more susceptible to cryptojacking attacks?
All the people who download and run softwares from unreliable sources are susceptible to cryptojacking attacks. Also people who solve their cybersecurity issues by stating that “There is nothing to steal or destroy in my computer.” are in danger of cryptojacking.
As per your report, India is one of the worst affected countries by cryptojacking. Why do you think this is happening?
India is one of the most populated countries; therefore it doesn’t come as a surprise that India is being highly targeted.
What measures can the users take to ensure the safety of their devices against cryptojacking attacks?
Users should install all the security updates available for their PC and should use antivirus software. Most importantly, you have to (be able to) trust the source of any file you want to download from the Internet. With respect to PC software, its developer and sellers are the sources that you should trust.