Mandiant cybersecurity experts: The APT (aka UNC2452) also shows two distinct clusters of activity, UNC3004 and UNC2652.
Avast: Crackonosh exploits cracked software to spread. The new malware uses many tricks to evade detection and install the XMRig coin-miner. Until now, it has “earned” over $2,000,000.
Crackonosh is a new malware distributed via cracked software. It was discovered by Avast cybersecurity experts. The cybercrime malicious code is distributed along with illegal, cracked copies of popular software, and it searches for and disables many popular antivirus programs as part of its anti-detection and anti-forensics tactics. It also disables Windows Defender and Windows Update, then installs the Monero coin-miner XMRig. The pool sites showed payments of 9000 XMR in total, which at today's prices is over $2,000,000. Because the malware protects itself by disabling security software and operating system updates, and employs other anti-analysis techniques to prevent discovery, it is very difficult to detect and remove.