How to Deal With the Crackonosh Malware According to Experts

TL;DR: don’t download cracked PC games

By Thomas Hindmarch, Writer (Northwest Missouri State University). Thomas Hindmarch is an expert games writer with nearly two decades' experience. His work has appeared in the UK's Official Xbox Magazine, NGamer, GeekWire.com, and more.

Updated on June 30, 2021 11:40AM EDT

Fact checked by Rich Scherr (University of Maryland Baltimore County). Rich Scherr is a seasoned technology and financial journalist who spent nearly two decades as the editor of Potomac and Bay Area Tech Wire.

Key Takeaways

The "Crackonosh" malware has spread to around 220,000 systems nationwide, turning infected PCs into cryptocurrency mining rigs.

It deletes a host computer’s antivirus settings and rewrites its registry, which makes it difficult to remove once it’s there.

An infected system takes a massive performance hit, but there are no reports of data theft.

If you or someone you share a computer with likes to download "cracked" pirate copies of popular computer games, you’re at risk of being hijacked by a particular type of malware.

Spread via torrents and direct downloads of pirated games, Crackonosh hijacks a computer to convert it into a crypto mining rig. Roughly 220,000 cases have been reported worldwide, with estimates that the scam has netted over $2 million in Monero cryptocurrency for its unknown authors.

While versions of Crackonosh have been in circulation since 2018, the recent spike in cases has put it on security researchers’ radars.

"This malware typically is distributed via torrents and executables geared toward gamers," said Bryan Hornung, CEO of Xact IT Solutions, in a direct message to Lifewire. "Gamers’ systems typically have more processing power, which generates more revenue for the cybercriminals."

Monsters of Code

According to Avast’s Daniel Beneš, Crackonosh’s code suggests its author might be Czech. That resulted in its nickname, which is a nod to the Krakonoš, the Czech name for a mountain spirit from Polish, German, and Bohemian folklore.

As a malware package, Crackonosh is remarkably specific. There’s been no evidence of data loss or theft from infected systems. If your computer’s been hit with Crackonosh, at least your local files aren’t at risk.

It’s also easy to avoid, as these things go. At time of writing, the only confirmed method of spread for Crackonosh is via pirate software sites, which offer free "cracked" downloads for popular PC games such as Grand Theft Auto V, NBA 2K19, Far Cry 5, and the 2018 Call of Cthulhu. Some of those downloads are infected with Crackonosh.

"This is the sort of thing where prevention is the best cure," said Christopher Budd, senior global threat communications manager at Avast, in a Zoom call with Lifewire. "This is what happens when you try to get something for nothing. You download it, you get the game, and you get free coin-miner software at no extra charge."

How It Gets on and How To Get It Out

When a user tries to install a pirated game with the Crackonosh malware on Windows 10, Crackonosh alters the computer’s registry to give itself permission to start in Safe Mode. It then forces the computer to boot into Safe Mode on its next startup, which disables most anti-virus software, so Crackonosh can target and delete any countermeasures that might be present.

It also replaces the Windows Security icon in Windows 10 with an identical fake, so users might not notice it’s missing right away, and disables Windows Update so the OS won’t automatically reinstall Windows Defender.

At this point, a user still can use their computer, but it’s likely to be slowed down dramatically by the demands of the mining software. It’s also completely unprotected from any other viruses or malware that might come along in the meantime.

If you’re looking to get rid of Crackonosh from an infected system, it’s a tall order, requiring you to hunt down and delete multiple files, scheduled tasks, and even registry keys. It’s arguably a lot easier to simply format your drive and reinstall Windows, although Avast has provided a guide on its official blog on how to remove the Crackonosh malware from your computer.

"It takes a lot of steps," said Budd. "You’re doing a lot of tooling by hand to get rid of this. I’ve done some support in my day, and this is not something I’d want to walk someone through on the phone."

Research is continuing on Crackonosh now, although it’s been slowed down for an obvious reason: not a lot of people are inclined to share how their illegal downloads are responsible for an illegal thing happening to their computer.

However, it’s not something you can catch at random, which takes away some of the threat. Crackonosh doesn’t perpetuate through email chains, ad banners, or dodgy websites. There’s only one way to get it, and that’s by going out and actively trying to commit software piracy.

"As my mother used to joke," said Budd, "a man goes into the doctor and says, ‘Doctor, it hurts when I do this.’ The doctor says, ‘Well, then don’t do that.’ If you and all the users of your system don’t download cracked software, you don’t have to worry about this one."
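The tampering described under "How It Gets on and How To Get It Out" (a Safe Mode start permission in the registry, a forced Safe Mode boot, a disabled Windows Update, a removed Windows Defender) leaves traces that can be checked without changing anything. The following is an added example, not code from Lifewire or Avast; the SafeBoot registry path and the service names `wuauserv` and `WinDefend` are standard Windows names assumed here and do not appear in the article, and the script does not identify Crackonosh's own files, for which the article points to Avast's guide.

```powershell
# Added example: read-only triage for the tampering the article describes.
# Run from an elevated PowerShell prompt on Windows 10; nothing is changed.
$findings = @()

# 1. Forced Safe Mode boot: bcdedit shows a "safeboot" element when one is set.
$bcd = bcdedit /enum '{current}' 2>$null
if ($bcd -match '^\s*safeboot\s') {
    $findings += 'Boot entry has safeboot set: the next startup will be Safe Mode'
}

# 2. Services allowed to start in Safe Mode. Entries whose default value is
#    "Service" are listed with their binary path so they can be compared
#    against a known-clean machine. No name is treated as malicious here.
$safeBoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal'
$safeModeServices = foreach ($key in Get-ChildItem -Path $safeBoot) {
    if ($key.GetValue('') -eq 'Service') {
        $name = $key.PSChildName
        $svc  = Get-CimInstance Win32_Service -Filter "Name='$name'"
        [pscustomobject]@{
            Service = $name
            Path    = if ($svc) { $svc.PathName } else { '(not installed)' }
        }
    }
}

# 3. Windows Update disabled (the article says this blocks Defender's return).
$wu = Get-CimInstance Win32_Service -Filter "Name='wuauserv'"
if (-not $wu -or $wu.StartMode -eq 'Disabled') {
    $findings += 'Windows Update service (wuauserv) is missing or disabled'
}

# 4. Windows Defender service removed or stopped. A stopped service is also
#    normal when another antivirus product is installed, so review in context.
$wd = Get-Service -Name WinDefend -ErrorAction SilentlyContinue
if (-not $wd) {
    $findings += 'Windows Defender service (WinDefend) is not present'
} elseif ($wd.Status -ne 'Running') {
    $findings += "Windows Defender service is $($wd.Status)"
}

$safeModeServices | Sort-Object Service | Format-Table -AutoSize
if ($findings) {
    $findings | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output 'No boot, update or Defender tampering indicators found.'
}
```

A clean result does not prove the machine is uninfected, because the checks cover only the side effects the article names.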