Kaspersky researchers have discovered a large-scale attack that spread infected free versions of games through torrent pages with the aim of mining the cryptocurrency Monero without the user's consent.
The malicious versions of simulation and sandbox titles such as BeamNG.drive, Garry's Mod, Dyson Sphere Program, Universe Sandbox and Plutocracy were created and began to be uploaded to torrent pages in September 2024.
These contained compressed installation files that, once unzipped, opened the infected installers. Executing them triggered an infection chain in which the attackers employed a wide range of tactics to avoid detection during the installation process.
The malware collected multiple device identifiers, including operating system version and IP address, to determine the user's country of residence.
On December 31, the previously installed malware received an order from the attackers' server to initiate a large-scale attack, as Kaspersky's Global Research and Analysis Team (GReAT) explains in a press release.
Following this command, a slightly modified version of XMRig, open-source software designed to mine the cryptocurrency Monero (XMR) using the computer's CPU or GPU, was downloaded and installed without the victim noticing.
"To run modern games, you typically need a powerful PC with high processing power. Specifically targeting gamers with this mining implant makes sense, as attackers can access high-performance machines," said Tatyana Shishkova, Principal Security Analyst at Kaspersky GReAT, in a press release.
Since, as in this case, malware can be bundled with legitimate programs, games or multimedia files, Kaspersky experts recommend downloading software and content only from trusted sources.
It is also advisable to have a reliable security solution to help detect miners, even those that do not visibly affect the device's performance, and, above all, to keep the operating system and software up to date, as many security issues can be resolved by installing the latest versions.
CREDIT: CE Noticias Financieras English - CENFENG
CE Noticias Financieras English, Latin America - Distributed by ContentEngine LLC