ZDNet reported today that there’s an uptick in a crypto miner called Crackonosh, which has been around since June 2018. The primary places to pick up this malware are pirate or warez sites. The malware installs itself and modifies the Windows registry. On the next boot, it runs in safe mode to avoid detection by AV, since Windows safe mode does not support AV. You might want to think twice before using any cracked games or software. They are a common tool used by scammers for all sorts of surreptitious entry.
Crackonosh will scan for the existence of antivirus programs – including Avast, Kaspersky, McAfee’s scanner, Norton, and Bitdefender – and will attempt to disable or delete them. Log system files are then wiped to cover its tracks.
In addition, Crackonosh will attempt to stop Windows Update and will replace Windows Security with a fake green tick tray icon.
The final step of the journey is the deployment of XMRig, a cryptocurrency miner that leverages system power and resources to mine the Monero (XMR) cryptocurrency.
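
For defenders, here is a triage sketch for two of the behaviours above (a machine being set to boot into safe mode, and Windows Update being stopped). It is an added example, not code from the ZDNet report or from any Crackonosh analysis. It assumes Sysmon-style process-create (ID 1) and registry value-set (ID 13) events and the standard Windows locations for these settings; the report summarized here does not say which keys Crackonosh writes, and every sample event is constructed.

```python
import re

# Constructed sample events, shaped like Sysmon process-create (ID 1) and
# registry value-set (ID 13) records; none of these values come from the report.
SAMPLE_EVENTS = [
    {"id": 1, "Image": r"C:\Windows\System32\bcdedit.exe",
     "CommandLine": "bcdedit /set {default} safeboot minimal"},
    {"id": 13, "Image": r"C:\Users\demo\Downloads\setup.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\DemoSvc\(Default)",
     "Details": "Service"},
    {"id": 13, "Image": r"C:\Users\demo\Downloads\setup.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Services\wuauserv\Start",
     "Details": "DWORD (0x00000004)"},
    {"id": 13, "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Services\wuauserv\Start",
     "Details": "DWORD (0x00000003)"},
    {"id": 1, "Image": r"C:\Windows\System32\bcdedit.exe",
     "CommandLine": "bcdedit /enum"},
]

# Assumption: generic Windows mechanisms, not indicators taken from the report.
SAFEBOOT_CMD = re.compile(r"\bbcdedit(\.exe)?\b.*\bsafeboot\b", re.I)
SAFEBOOT_KEY = re.compile(r"\\Control\\SafeBoot\\(Minimal|Network)\\", re.I)
WU_START = re.compile(r"\\Services\\wuauserv\\Start$", re.I)

def classify(event):
    """Return a finding label for one event, or None if it is not of interest."""
    if event["id"] == 1:
        cmd = event.get("CommandLine", "")
        # "/deletevalue ... safeboot" reverts to a normal boot, so it is not flagged.
        if SAFEBOOT_CMD.search(cmd) and "/deletevalue" not in cmd.lower():
            return "safe-mode boot configured"
    elif event["id"] == 13:
        target = event.get("TargetObject", "")
        if SAFEBOOT_KEY.search(target):
            return "service registered for safe mode"
        # Start = 4 means the service is disabled.
        if WU_START.search(target) and event.get("Details", "").endswith("(0x00000004)"):
            return "Windows Update service disabled"
    return None

def triage(events):
    """Collect (label, image) findings in event order."""
    return [(label, e["Image"]) for e in events if (label := classify(e))]

if __name__ == "__main__":
    for label, image in triage(SAMPLE_EVENTS):
        print(f"{label}: {image}")
```

Legitimate software and administrators also touch these settings, so treat a hit as a prompt to look at which process made the change, not as a verdict.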