Crackonosh Could Be Using Your PC To Make Money. If you haven’t heard of a malware strain called Crackonosh, be aware that it might be abusing your system, specifically Windows Safe Mode, to make money for its controllers.
Since its discovery, researchers at Avast estimate that Crackonosh has quietly generated millions by enslaving PCs worldwide and using them to mine cryptocurrency.
Crackonosh is only a few years old, first spotted in the wild back in June of 2018. However, it has spread like wildfire, leveraging the popularity of file sharing (torrent) websites where it piggybacks inside compressed files containing music, movies, and cracked versions of in-demand software.
The malware’s design is fairly clever.
Before it tries to install itself on a target system, it will scan for the presence of antivirus software running on the target machine, then attempting to disable it and delete Windows Defender. Once done, Crackonosh takes the additional step of deleting the log file, essentially destroying the evidence of its misdeeds.
Finally, it deploys a cryptocurrency mining software called XMRig, utilizing your PC’s resources to mine Monero (XMR), and modifies the registry so that the machine reboots in Safe Mode. That is incredibly clever because by design, when a computer boots up in Safe Mode (which is primarily for diagnostic purposes), loading only a minimal toolset that doesn’t include antivirus software.
Based on Avast’s research, Crackonosh is infecting around a thousand machines each day. So far, nearly a quarter of a million devices bend to the group’s will controlling Crackonosh. That amounts to a lot of Monero mining power. Estimates have enabled them to mine more than 9000 XMR, which, based on current prices, amounts to more than two million dollars.
In any case, if you’re a fan of torrent sites, beware of Crackonosh. While not overtly harmful, it will allow hackers to steal your processing power and profit from it.