Hackers Are Targeting Gaming PCs with a Cryptominer
By Nick Anderson
As a gamer, there are certain things you must never do if you want to keep your device protected against malicious programs. Downloading games from unknown sources is one of them, and you must be just as cautious about downloading free games from torrents or elsewhere. The recent revelation of how hackers are targeting gamers is a grim reminder of how malware infiltrates a system.
A new report indicates that a cryptominer is harvesting computing resources and is being distributed through downloadable games. The malware, termed “Crackonosh”, appears to disable device security such as anti-virus to avoid detection and continue functioning without intervention.
What is a Cryptominer?
The term mining refers to the process of producing cryptocurrency. The various cryptocurrencies that exist in the world today are based on Blockchain technology. The “coins” are generated by solving complex mathematical problems to verify and add a block to the blockchain.
Because the math is very complex, it requires a great amount of computational power to get the job done. Moreover, the complexity of generating new coins increases over time, and may require more specialized hardware.
In its prime, Bitcoin saw people from around the world flock to invest in this cryptocurrency that was rapidly getting more valuable. If you held 1 BTC six years ago at a certain price, it would be valued at nearly $40k in 2021. At $1000 a coin at the time, your holding would have increased forty times. So, it should be apparent why cryptocurrency mining is so lucrative.
So, what is the one thing that is popular among miners and gamers? The graphics card. The hardware is used to power the video-game experience on screen, and it is also excellent at mining. Instead of buying expensive graphics cards with better hashrate and dealing with enormous electricity bills, malicious actors found a way to hijack the millions of gaming PCs in the world.
A cryptominer is a type of malware that infiltrates a computer and uses its computing resources to mine cryptocurrency, all without the user noticing. However, there are some signs that give away that your PC is infected.
How Crackonosh is Infecting Gaming PCs
The report is the result of an investigation by Avast after multiple users reported unusual behavior while using its anti-virus application. The complaints revealed that Avast’s folder was empty even though the anti-virus was installed. One of the complaints mentioned how the user downloaded a few games on his PC via torrents.
The in-depth research revealed a cryptominer that has been duly named Crackonosh because of its possible Czech origin. The malware is distributed through these free games and installs itself when the user unpacks the downloaded files and executes the setup.
It makes several modifications to the operating system to ensure it can thrive without detection. Remember that the more computing power someone has, the easier it is to mine for cryptocurrency. The infected PCs create a botnet via the internet, which is what allows an infected PC to connect with other infected PCs around the globe. The malware contains the notorious coinminer XMRig and adds an entry into the Windows Registry to run it on startup.
Because the miner leeches computing resources, the performance of your gaming PC is at its mercy. Crackonosh has so far infected more than 222,000 computers worldwide, earning a whopping $2,000,000 in the Monero cryptocurrency. What’s more worrying is the fact that this malware has been in the wild since 2018.
How to Identify a Cryptominer on Your PC
The malware in question infects a PC then proceeds to disable security features to continue operating in stealth mode. Some tech-savvy users are capable enough to spot unknown processes running in Task Manager. Hence, the malware cloaks itself by operating under the disguise of legitimate Windows processes, such as winlogui.exe.
Here are some of the signs that your PC is infected:
The sole purpose of a mining program is to leech computing resources; it makes your CPU and graphics card run at full capacity even when the PC is idle. Folders and programs taking too long to load, sluggish graphics performance, and programs crashing are the common indicators in this case.
Run Task Manager and notice if your CPU or GPU is running at peak performance. If you don’t have Windows 10 or above, install third-party programs like CoreTemp for CPU monitoring and MSI Afterburner for GPU monitoring.
Installed Programs Don’t Work
As seen in Crackonosh’s behavior, the malware attempts to delete any installed anti-virus and Windows Defender once it has established itself on the computer. If multiple programs fail to operate or issue an error that the .exe of the program could not be found, then something is wrong. Programs do not disappear on their own unless they are uninstalled.
While Crackonosh hides in plain sight by running under legit-sounding Windows processes, other cryptominers might not. Bring up the Task Manager, switch to the Performance tab, and click on Open Resource Monitor. Look through the list of processes that are leeching resources. You can look up the name of a process to verify whether it’s legitimate or not.
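The disguise described above, a miner running under a system-sounding name such as winlogui.exe, can be checked mechanically rather than by eye. The following is an added example, not code from the article or the Avast report; the reference list of system binaries, the distance threshold and the sample process snapshot are assumptions made for illustration.

```python
from pathlib import PureWindowsPath
# Assumed reference list: a few real Windows binaries and where they normally load from.
SYSTEM_BINARIES = {
    "winlogon.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def triage(processes, max_distance=2):
    """Return (pid, image_path, reason) for every entry worth a closer look."""
    findings = []
    for pid, image_path in processes:
        path = PureWindowsPath(image_path.lower())
        name, folder = path.name, str(path.parent)
        if name in SYSTEM_BINARIES:
            # Right name, wrong place: a copy posing as the real binary.
            if folder != SYSTEM_BINARIES[name]:
                findings.append((pid, image_path, f"{name} outside {SYSTEM_BINARIES[name]}"))
            continue
        # Near-miss name such as winlogui.exe for winlogon.exe.
        for real in SYSTEM_BINARIES:
            if edit_distance(name, real) <= max_distance:
                findings.append((pid, image_path, f"name imitates {real}"))
                break
    return findings

# Constructed snapshot of (pid, image path); not data from a real infection.
SAMPLE = [
    (612, r"C:\Windows\System32\winlogon.exe"),
    (4120, r"C:\Windows\System32\winlogui.exe"),
    (5288, r"C:\Users\player\AppData\Roaming\svchost.exe"),
    (7016, r"C:\Program Files\Game\launcher.exe"),
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

Legitimate 32-bit copies under SysWOW64 would be flagged by this short reference list, so extend the mapping before relying on it for a real process listing.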
How to Prevent Malware Infection
Torrents are a hotbed for malware. Because anyone can sign up and upload a program or game for others to download, torrents provide an easy avenue for attackers. The allure of free games can be seen from the fact that popular games such as Grand Theft Auto V have thousands of people seeding and leeching at any time.
It is extremely dangerous to download anything from a third-party source like torrents. It is akin to downloading a malicious email attachment from an unknown sender.
An anti-virus is a tool that safeguards your device against threats. It monitors executables and programs in the memory for potentially malicious items. Always have an anti-virus on your device, even if you don’t download apps and games from torrents. Downloads are not the only route: malware can also infiltrate your device through mediums like USB drives and other computers on the network.
In addition to having a robust antivirus, keep it updated with the latest malware signatures. Data is a precious asset, and it can be compromised if there’s a vulnerability. Use a VPN to secure your internet traffic when you surf the web using Wi-Fi networks to prevent bad actors from stealing private information or influencing your web browsing experience.