Data Security

New malware in pirated games disables Windows Updates, Defender

Crackonosh malware has been around since at least June 2018 and has infected more than 222,000 systems around the world.

The IT security researchers at Avast published a report on Thursday 24th June revealing a new attack in which malware is being embedded in pirated versions or “cracked” versions of popular games.

Dubbed Crackonosh by researchers, referring to a “mountain spirit” in Czech folklore, the malware uses the victim’s computer resources to mine cryptocurrencies for its developers.

SEE: Torrent uploader CracksNow caught distributing ransomware

According to Avast, Crackonosh has been around since at least June 2018 and has infected more than 222,000 systems around the world. So far, the malware has earned $2,000,000 (£1,440,000) in Monero cryptocurrency.

Monero wallet used by cybercriminals (Image: Avast via

Most victims infected by Crackonosh malware belong to countries such as:

  • Italy
  • India
  • Spain
  • Turkey
  • Canada
  • Greece
  • Mexico
  • Poland
  • Sweden
  • Pakistan
  • Portugal
  • Australia
  • Argentina
  • Indonesia
  • Philippines
  • South Africa
  • United States
  • United Kingdom

The list of pirated versions of games where Crackonosh has been found includes:

  • Far Cry 5
  • NBA 2K19
  • The Sims 4
  • Call of Cthulhu
  • We Happy Few
  • Fallout 4 GOTY
  • The Sims 4 Seasons
  • Grand Theft Auto V
  • Euro Truck Simulator 2
  • Jurassic World Evolution
  • Pro Evolution Soccer 2018

Crackonosh disables Windows updates, defender, antivirus,

In a blog post, Avast’s malware researcher Daniel Beneš wore that when Crackonosh is installed, it deletes registry entries to turn off automatic updates. It then takes actions to protect itself and evades detection by disabling Windows Defender and any other antivirus software installed on the device.

Installation of Crackonosh malware (Image: Avast)

Some of the antivirus solutions disable by Crackonosh include:

  • Scan
  • Panda
  • Norton
  • Adaware
  • F-secure
  • Kaspersky
  • Bitdefender
  • Mcafee (scanner only)

Crackonosh shows the risks in downloading cracked software and demonstrates that it is highly profitable for attackers, said Beneš. “As long as people continue to download cracked games, attacks like these will continue to be profitable for their authors”, he warned.

Risk of downloading pirated, cracked software

Downloading and using pirated software may save you loads of time and money however it poses a massive security risk to naive users. Currently, another malware called DanaBot is also spreading by embedding itself in free software including VPNs, anti-virus software and pirated games, etc.

Therefore, avoid using third-party software, pirated content, and cracked programs or you can be the next victim of malware like Crackonosh or DanaBot.

To Top

Pin It on Pinterest

Share This