Cracknosh Malware:  How Hackers are Using free software and Games for Crypto Mining. 

What is Malware?

Malware is a programme that is designed to damage your system or network. Malware is different from regular software. It can spread over the web, remained unnoticed, caused system or network changes or damage. As a result, it can lower the performance of your system to the knees and lead to a network catastrophe.

What exactly does malware do?

Malware is software that may infect networks and devices and harm those devices, networks, and users. Depending upon the type of malware, this damage can take several forms and manifest itself to the user in various ways. Malware can have a moderate and benign effect in certain situations, but it can also be destructive in others. However, all forms of malware are designed to exploit devices at the user’s expense and, to the hacker’s advantage, the person who created it.

 How do malware manifest?

Malware employs a range of physical and virtual methods to infect devices and networks. Malicious applications, for example, can infiltrate a system via:

  • A USB drive or spread via the internet drive-by download harmful applications without the user’s knowledge or consent.
  • Another popular malware distribution method is phishing, in which emails masked as open communications contain malicious links or attachments that can send the malware executable file to naïve victims.
  • A command-and-control server is frequently used in sophisticated malware operations, allowing threat actors to connect with infected devices, exfiltrate sensitive information, and even remotely operate the hacked device or server.
  • Novel malware strains use new evasion and obfuscation tactics to mislead victims, security managers, and antimalware tools. These approaches rely on basic tricks, such as utilising web proxies to disguise malicious traffic or source IP addresses.
  • More sophisticated threats include polymorphic malware that can repeatedly change its underlying code to avoid detection from signature-based detection tools; anti-sandbox techniques that enable the malware to detect when it is being analysed and to delay execution until after it leaves the sandbox; and fileless malware that resides only in the system’s RAM to avoid being discovered.

Types of malware

Virus: Malware needs the operation and propagation of human intervention. A virus can be a file virus, Macro virus, Master boot record virus, Polymorphic viruses, and stealth viruses.

Trojan: Malware hiding in other legitimate files. Trojans can be Remote Access Trojans, data sending Trojans, Destructive Trojans, and Security trojans.

Worm: Like a virus, but no human interaction is necessary to operate and spread.

Spam: Malware is hidden in emails and attachments. A user is duped into clicking on these emails to place a virus on the Computer.

Ransomware: Encrypts the whole system and demands a ransom payment from the user to decrypt the data.

Rootkits: This Malware is brutal to detect and delete; it can only be done by formatting the whole system.

Adware: Unnecessary ads are generated on your system and websites. Spyware: A programme that sits on your system like a spy and monitors/records your activity.

Keyloggers: Keep track of all keystrokes made on the keyboard. This might be useful for hackers stealing passwords.

Mining: What is mining?

Mining is a process of entering new digital currencies into circulation. It is carried out with the aid of compelling computers that handle highly complicated computational problems.

Cracknosh

Nowadays, Hackers are infecting gamers’ PCs with malware to make millions from crypto-Mining.

According to research published by Avast, cybercriminals are targeting gamers with “mining malware”. The so-called “Crackonosh” malware is being hidden in free versions of games like NBA 2K19, Grand Theft Auto V, Far Cry 5, The Sims 4 and Jurassic World Evolution, which are available to download torrent sites.

How it works?

Once installed, Crackonosh quietly uses the computer’s processing power to mine cryptocurrencies for the hackers. The malware has been used to generate $2 million worth of a cryptocurrency known as monero.

Avast researcher Daniel Benes told CNBC that infected users may notice that their computers slow down or deteriorate through overuse, while their electricity bill may also be higher than usual. This is because it takes all the resources that the computer has, so the Computer is unresponsive.

Evidence

According to Benes, some 220,000 users have been infected worldwide, and 800 devices are infected daily. However, Avast only detects malicious software on machines installed with antivirus software, so the actual number could be significantly higher. Brazil, India, and the Philippines are among the worst affected countries, while the US has also seen many cases.

 Supercomputers hacked to mine cryptocurrency in Europe

Cryptocurrency-mining assaults have targeted many supercomputers in Europe that are focusing on COVID-19 research. The National Supercomputing Service ARCHER in the United Kingdom was the first to report that it has restricted access to its system due to the misuse of its login nodes.

Meanwhile, Germany’s Baden-Württemberg High-Performance Computing reported it was hit on the same day and was forced to shut down five of its systems. However, it was not the only German supercomputer centre that was targeted. The Leibniz Supercomputing Centre stated that it would temporarily suspend access, and the Jülich Supercomputing Centre followed suit by shutting down its JURECA, JUDAC, and JEWELS systems due to a “security threat.”

According to Bleeping Computer, the cyberattacks may have targeted as many as nine German supercomputers. And that’s not all. The Swiss National Super Computing Center likewise confirmed an assault. It stated that academic centres in Europe and worldwide were battling cyberattacks and that it had shut off external access to its centre after detecting malicious activity.

The European Grid Infrastructure (EGI) announced the findings of its Computer Security Incident Response Team (EGI-CSIRT) investigation into two security incidents that may or may not be interconnected. According to their findings, the malicious person utilised hacked SSH credentials to access the computers and mine Monero. EGI-CSIRT stated that there are victims in Europe, China, and North America, but it could not confirm how the SSH credentials were hacked.

Android apps & Crypto Mining scam

Security researchers at the Lookout Threat Lab have identified over 170 Android apps, including 25 on Google Play, scamming people interested in cryptocurrencies. Although many of them are available globally, these apps advertise themselves as providing cloud cryptocurrency mining services for a fee. After analysing them, it was found that no cloud crypto mining takes place. To protect Android users, Google promptly removed these apps from Google Play. As a result, Lookout Mobile Endpoint Security and Lookout Personal Digital Safety customers are protected from these threats.

The researchers classify two main categories of these apps involved in these schemes as “BitScams” and “CloudScams.”

How to stay safe?

Here are some precautions that can help your systems to keep safe:

  • To prevent getting duped, be alert and don’t fall for the hype.
  • Install security software on your servers or PCs to keep them safe from such scams.
  • Use high-level security software that protects against phishing and online fraud.
  • Don’t install free versions of games or software on your PC.
  • When downloading apps from Google Play, evaluate the number of installations and the app ratings and reviews. Be very cautious of recently released applications with generic-sounding favourable ratings, and read their negative equivalents.
  • To secure your Android device and your PCs from the latest threats, keep it updated and utilise a reputable security system.

To conclude

Digital currency is at an all-time high, and the market value is constantly increasing. Scammers will continue to try to target additional victims as long as the price rises.

So, what do we have to do?

We should not install such free versions of games or software available on the internet.

We should have robust security systems on our PCs. For example, computer servers must be protected with high-end alert security systems and must use two-factor authentication and change passwords regularly.

Share this post