Avast researchers published a report on Thursday regarding the discovery of a cryptocurrency mining malware that abuses Windows Safe mode and has likely generated more than 9,000 Monero coins (estimated today at around $2 million) after exploiting more than 222,000 Windows systems since 2018.The latest version of Crackonosh, as Avast dubbed it, spreads through illegal and cracked copies of popular software also known as “warez” which is distributed on various torrent sites and forums.The malware continues to infect systems worldwide, affecting 222,000 unique devices in more than a dozen countries since December 2020. As of May, the malware was still getting about 1,000 hits a day. The researchers already spotted 30 different versions of the malware, with the latest one that was published in November 2020. According to Daniel Beneš, a malware analyst for antivirus maker Avast, the worst-hit region is the Philippines, with 18,448 victims; followed by Brazil (16,584); India (13,779); Poland (12,727); the United States (11,856); and the United Kingdom (8,946).The researchers started investigating the threat after they received reports that Crackonosh was disabling and uninstalling its antivirus from infected devices. The company later discovered that Crackonosh was also disabling many other popular antivirus vendors, including Windows Defender and Windows Update as part of an advanced set of anti-detection and anti-forensics tactics that were meant to allow the malware to remain undetected on infected hosts.Once Crackonosh weakened infected hosts, it will run XMRig, a cryptocurrency miner that enables attackers to mine Monero using the victim’s hardware download, to earn a profit from infected computers. Earlier this month, the company identified another crypto-miner named DirtyMoe which infected more than 100,000 systems. The difference between the two was that DirtyMoe was primarily being spread using an SMB worm and that ..
Support the originator by clicking the read the rest link below.
