Share this article
Monero-Mining Malware 'Crackonosh' Has Infected 222K Computers, Researchers Find
The virus has yielded over $2 million worth of XMR for its authors, security firm Avast said in a Thursday report.
Updated Sep 14, 2021, 1:16 p.m. Published Jun 24, 2021, 7:24 p.m.
Malware called "Crackonosh" has been found in 222,000 compromised computers that were used to download illegal, torrented versions of popular video games, including "NBA 2K19" and "Grand Theft Auto V," according to a report from security company Avast published Thursday.
STORY CONTINUES BELOW
The virus, which has been circulating since at least June 2018, installs crypto-mining software that has yielded its authors over $2 million worth of monero.
Monero is a privacy coin that is often used by cybercriminals because it is much more difficult to trace than other cryptocurrencies like bitcoin. Monero-focused crypto-mining attacks are relatively common: The Pirate Bay, a website where users can download movies, music, software and games, announced in 2018 it would be “cryptojacking” visitors’ processing power to mine for monero, and in 2020, a botnet called “Vollgar” was found to be targeting Microsoft’s SQL servers to mine for monero, as well.
According to Avast’s analysis, Crackonosh successfully operated for years because it had built-in mechanisms to disable security software and updates, which made it difficult for users to detect and remove the program.
The malware is thought to have originated in the Czech Republic, but it has a global reach. Cases in the United States make up only 5% of the total.
Avast’s blog post addresses the spread of the malware and teaches affected users how to uninstall the program.
The blog’s author, Daniel Benes, also shares some words of wisdom:
“The key take-away from this is that you really can’t get something for nothing and when you try to steal software, odds are someone is trying to steal from you.”
More For You
What to know:
- As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
- GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
- Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
More For You
Solana’s Drift Launches v3, With 10x Faster Trades
With v3, the team says that about 85% of market orders will fill in under half a second, and liquidity will deepen enough to bring slippage on larger trades down to around 0.02%.
What to know:
- Drift, one of the largest perpetuals trading platforms on Solana, has launched Drift v3, a major upgrade meant to make on-chain trading feel as fast and smooth as using a centralized exchange.
- The new version will deliver 10-times faster trade execution thanks to a rebuilt backend, marking the largest performance jump the project has made so far.
Top Stories
