Hackers have found a new way to target unsuspecting gamers with viruses, with the latest malware identified as "Crackonosh." The virus is hidden in cracked downloadable games like "GTA 5" and "NBA 2K19" and infects the computer with crypto-mining malware. Avast is working to find ways of diagnosing this problem.
If your computer has been slowing down or your antivirus software has been mysteriously deleted, then your device is probably suffering from a Crackonosh attack. The virus has spread around the whole world, and high rates of infected computers are reported in the United States, Brazil, India and the Philippines.
Crackonosh hides in downloadable cracked versions of games on the internet. Avast broke down the infected games:
- "Grand Theft Auto V"
- "NBA 2K19"
- "Far Cry 5"
- "The Sims 4 Seasons"
- "Euro Truck Simulator 2"
- "The Sims 4"
- "Jurassic World Evolution"
- "Fallout 4 GOTY"
- "Call of Cthulhu"
- "Pro Evolution Soccer 2018"
- "We Happy Few"
Crypto-Mining Malware: Crackonosh
EnigmaSoft reported that this virus has been in circulation since 2018. In 2020 alone, over 222,000 computers have been infected with Crackonosh. Unfortunately, Crackonosh uses a subtle system, making it incredibly hard to detect.
Crackonosh is a cryptocurrency miner that focuses on XMR and disguises itself as a redistributable program while deleting any security measures found on the computer, specifically antivirus programs. Often, these antivirus programs end up as an empty folder.
After a cracked game is downloaded and its files are extracted, the virus enters its maintenance script, which counts system start-ups. When the counter reaches its limit, a service installer script sets the system to boot into safe mode on the next restart. In this mode, all antivirus applications are disabled, making the computer highly vulnerable.
Crackonosh then takes over and searches your computer for any installed third-party antivirus and disables or deletes them. It also deletes Windows Defender and Windows Firewall. Lastly, Crackonosh roams freely on your device and automatically launches its crypto-mining sequence.
Avast has checked and traced infected IPs, which showed over 370 results. Thankfully, developers were able to trace down Crackonosh and break its code. They have found the sources and suggested deleting a few files to restore full functionality.
How to Remove Crackonosh
A Crackonosh attack does not alter or share any of the device information. It does, however, pry into cryptocurrencies and mining. Most of the mining data would be returned to the hacker remotely.
To remove Crackonosh, Avast suggests immediately deleting these files in C:\Windows\system32:
- 7B296FC0-376B-497d-B013-58F4D9633A22-5P-1.B5841A4C-A289-439d-8115-50AB69CD450
- 7B296FC0-376B-497d-B013-58F4D9633A22-5P-1.B5841A4C-A289-439d-8115-50AB69CD450B
- diskdriver.exe
- maintenance.vbs
- serviceinstaller.exe
- serviceinstaller.msi
- startupcheck.vbs
- startupchecklibrary.dll
- windfn.exe
- winlogui.exe
- winrmsrv.exe
- winscomrssrv.dll
- wksprtcli.dll
Also, delete the following Scheduled Tasks if you see them running.
- Microsoft\Windows\Maintenance\InstallWinSAT
- Microsoft\Windows\Application Experience\StartupCheckLibrary
- Microsoft\Windows\WDI\SrvHost
- Microsoft\Windows\Wininet\Winlogui
- Microsoft\Windows\Windows Error Reporting\winrmsrv
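As an added example (not Avast's tooling and not part of the original article), the PowerShell below checks a machine for the files and scheduled tasks listed above and only reports what it finds, so the results can be reviewed before anything is deleted. It assumes Windows 8 or later, where Get-ScheduledTask is available, and is best run from an elevated prompt.

```powershell
# Read-only check for the Crackonosh files and scheduled tasks listed above.
# It reports what it finds and deletes nothing.

# A 32-bit PowerShell on 64-bit Windows is silently redirected away from the
# real System32 directory; the Sysnative alias reaches it in that case.
$wow64 = [Environment]::Is64BitOperatingSystem -and -not [Environment]::Is64BitProcess
$leaf  = if ($wow64) { 'Sysnative' } else { 'System32' }
$sys32 = Join-Path $env:windir $leaf

$fileNames = @(
    '7B296FC0-376B-497d-B013-58F4D9633A22-5P-1.B5841A4C-A289-439d-8115-50AB69CD450',
    '7B296FC0-376B-497d-B013-58F4D9633A22-5P-1.B5841A4C-A289-439d-8115-50AB69CD450B',
    'diskdriver.exe', 'maintenance.vbs', 'serviceinstaller.exe',
    'serviceinstaller.msi', 'startupcheck.vbs', 'startupchecklibrary.dll',
    'windfn.exe', 'winlogui.exe', 'winrmsrv.exe', 'winscomrssrv.dll',
    'wksprtcli.dll'
)

# Task folder and task name, split the way Get-ScheduledTask expects them.
$tasks = @(
    @{ Path = '\Microsoft\Windows\Maintenance\';             Name = 'InstallWinSAT' },
    @{ Path = '\Microsoft\Windows\Application Experience\';  Name = 'StartupCheckLibrary' },
    @{ Path = '\Microsoft\Windows\WDI\';                     Name = 'SrvHost' },
    @{ Path = '\Microsoft\Windows\Wininet\';                 Name = 'Winlogui' },
    @{ Path = '\Microsoft\Windows\Windows Error Reporting\'; Name = 'winrmsrv' }
)

$findings = @()
foreach ($name in $fileNames) {
    $full = Join-Path $sys32 $name
    # -LiteralPath matches the exact name; -Force also returns hidden files.
    $item = Get-Item -LiteralPath $full -Force -ErrorAction SilentlyContinue
    if ($item) {
        $findings += [pscustomobject]@{
            Type = 'File'; Item = $full
            Detail = "$($item.Length) bytes, modified $($item.LastWriteTime)"
        }
    }
}
foreach ($t in $tasks) {
    $task = Get-ScheduledTask -TaskPath $t.Path -TaskName $t.Name -ErrorAction SilentlyContinue
    if ($task) {
        $findings += [pscustomobject]@{
            Type = 'Task'; Item = $t.Path + $t.Name
            Detail = "State=$($task.State); runs: $($task.Actions.Execute -join ', ')"
        }
    }
}
if ($findings) { $findings | Format-List } else { 'None of the listed Crackonosh artifacts were found.' }
```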
There might still be traces of the virus left. It is best to immediately reinstall Windows Defender and new third-party security software.
Games, in general, are better played when paid for as it supports the developers and gives gamers authentic and good quality content. Remember that in this day and age, cybercriminals will always find ways to exploit us, especially through internet downloadables.