Crackonosh virus abused Windows Safe mode to mine cryptocurrency

A strain of cryptocurrency-mining malware was discovered that abuses Windows Safe mode during attacks.

Researchers at Avast have dubbed the malware Crackonosh. It spreads through pirated and cracked software and is often found on torrents, forums, and “warez” websites.

Crackonosh has been in circulation since at least June 2018. The malware gets deployed when a victim executes a file that is believed to be a cracked version of legitimate software.

The infection chain begins with the drop of an installer and a script that modifies the Windows registry to allow the main malware executable to run in Safe mode. The infected system is set to boot in Safe Mode on its next startup. 

The researchers said that while the Windows system is in Safe Mode, the antivirus software doesn’t work. This enables the malicious Serviceinstaller.exe to easily disable and delete Windows Defender. It also uses the WQL query SELECT * FROM AntiVirusProduct to list all installed antivirus software.
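
As an added example (not from Avast's research or the original article), the Python code below shows how a defender could correlate the behaviours described above in endpoint telemetry. The event schema, host names, SafeBoot registry path and bcdedit pattern are assumptions based on standard Windows mechanisms; the article does not name the exact keys or commands used.

```python
import re
from collections import defaultdict

# Behaviours taken from the article. The concrete registry path and bcdedit
# syntax are standard Windows mechanisms assumed here, not details from the page.
RULES = {
    "safeboot_registry_write": ("registry_set", "target",
        re.compile(r"\\Control\\SafeBoot\\(Minimal|Network)\\", re.I)),
    "safeboot_bcd_change": ("process_create", "cmdline",
        re.compile(r"\bbcdedit(\.exe)?\b.*\bsafeboot\b", re.I)),
    "antivirus_enumeration": ("wmi_query", "query",
        re.compile(r"\bFROM\s+AntiVirusProduct\b", re.I)),
}

def match_rules(event):
    """Return the names of all rules that a single event satisfies."""
    return [name for name, (kind, field, rx) in RULES.items()
            if event.get("type") == kind and rx.search(event.get(field, ""))]

def triage(events, threshold=2):
    """Group hits per host; a host is suspicious at >= threshold distinct behaviours."""
    hits = defaultdict(set)
    for ev in events:
        for name in match_rules(ev):
            hits[ev["host"]].add(name)
    return {host: {"behaviours": sorted(names),
                   "suspicious": len(names) >= threshold}
            for host, names in hits.items()}

# Constructed sample telemetry (hypothetical schema, hosts and service name).
SAMPLE_EVENTS = [
    {"host": "PC-01", "type": "registry_set",
     "target": r"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ExampleSvc"},
    {"host": "PC-01", "type": "process_create",
     "cmdline": "bcdedit /set {current} safeboot minimal"},
    {"host": "PC-01", "type": "wmi_query",
     "query": "SELECT * FROM AntiVirusProduct"},
    # A lone antivirus inventory query is common in legitimate tooling.
    {"host": "PC-02", "type": "wmi_query",
     "query": "select * from AntiVirusProduct"},
    # Reading the boot configuration without touching safeboot matches nothing.
    {"host": "PC-03", "type": "process_create", "cmdline": "bcdedit /enum"},
]

if __name__ == "__main__":
    for host, result in sorted(triage(SAMPLE_EVENTS).items()):
        print(host, result)
```

Requiring two or more distinct behaviours per host keeps a single antivirus inventory query from raising an alert on its own.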

Crackonosh will check for the existence of antivirus programs such as Avast, Kaspersky, McAfee’s scanner, Norton, and Bitdefender, and will try to disable or delete them. System log files are then wiped to cover its tracks.

Crackonosh will also try to stop Windows Update and will replace Windows Security with a fake green tick tray icon. 

Finally, XMRig, a cryptocurrency miner that leverages system power and resources to mine the Monero (XMR) cryptocurrency, is deployed.

In total, Crackonosh has generated at least $2 million in Monero, with over 9000 XMR coins having been mined.

Around 1,000 devices are being hit each day and over 222,000 machines have been infected worldwide. 

So far, 30 variants of the malware have been identified, with the latest version being released in November 2020. 

Avast stated that as long as people download cracked software, attacks like these will continue and will be profitable for attackers.

The post Crackonosh virus abused Windows Safe mode to mine cryptocurrency first appeared on Cybersafe News.
