How to Protect Your Computer from Coin Miner Malware Spread Through Game Hacks and Cracked Programs: Warning from AhnLab Security Response Center

Money Today Reporter Hwang Guk-sang | 2024.01.21 18:01

AhnLab Security Response Center, Game Hack Coin Miner Advisory
Includes a function to turn off PC antivirus and asks users to uninstall their antivirus

The game hack file's user manual includes a request to remove antivirus programs such as Windows Defender. /Photo = Capture from ASEC homepage

“Important, how to turn off Windows Defender. You must uninstall the antivirus (to detect computer viruses) for it to run properly. Before running the hack, unzip the required files and click to remove them all.”

This is the user manual for a program distributed by a group trying to spread malware that turns users’ PCs and other devices into coin-mining machines. Coin miner malware is being distributed through ‘game hack’ programs, meaning programs that make games easier to play, and users are being warned to be careful.

According to industry sources on the 21st, ASEC (AhnLab Security Response Center) recently reported on its website that XMRig coin miners are being distributed through game hacks and said, “You must be especially careful with executable files downloaded from data sharing sites of unknown origin,” adding, “It is recommended that you download programs such as utilities and games from the official website.”

According to ASEC, files containing this malicious code were mainly distributed through sites that offer game hacks for famous games. To keep the malicious files from being blocked by antivirus programs such as Windows Defender or AhnLab’s V3, the attackers sometimes explain on the page how to terminate the antivirus. They also encourage users to turn off Windows Defender themselves using files such as ‘dControl.exe’, a Windows Defender management program.
A post from January last year distributing malware disguised as a cracked version of the Hangul word processor. If you download and install this file, malware will be installed on your PC. /Photo = Capture from ASEC homepage

The malicious code is then installed on the user’s PC, which has been left defenseless by the removal of its antivirus. ASEC said, “The executed Coin Miner prevents Windows Defender from scanning through PowerShell and removes services related to Windows updates, including updates to the Windows MSRT (Malicious Software Removal Tool),” and added, “Attempts are also being made to circumvent detection by modifying the hosts file.” In fact, in the gaming community, some users commented that the program had broken their PC and that they were formatting the computer.
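The three behaviours ASEC describes (Defender scanning disabled through PowerShell, Windows update services removed, hosts file modified) can be checked on a suspect machine with a read-only script. This is an added example, not code from ASEC or from the article; the function names are hypothetical, and the three service names are an assumption, since the article does not say which services are removed.

```powershell
# Added example: read-only triage for the behaviours ASEC describes.
# Run from an elevated PowerShell prompt on the Windows host being checked.

function Get-DefenderTamperSigns {
    # Defender state plus exclusions, which PowerShell can set to stop scanning.
    $status = Get-MpComputerStatus
    $pref   = Get-MpPreference
    [pscustomobject]@{
        AntivirusEnabled          = $status.AntivirusEnabled
        RealTimeProtectionEnabled = $status.RealTimeProtectionEnabled
        DisableRealtimeMonitoring = $pref.DisableRealtimeMonitoring
        ExclusionPath             = $pref.ExclusionPath -join '; '
        ExclusionProcess          = $pref.ExclusionProcess -join '; '
        ExclusionExtension        = $pref.ExclusionExtension -join '; '
    }
}

function Get-UpdateServiceState {
    # Assumption: these three service names stand in for "services related
    # to Windows updates"; the article does not name the ones removed.
    foreach ($name in 'wuauserv', 'UsoSvc', 'BITS') {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Service   = $name
            Status    = if ($svc) { "$($svc.Status)" } else { 'MISSING' }
            StartType = if ($svc) { "$($svc.StartType)" } else { 'MISSING' }
        }
    }
}

function Get-HostsOverrides {
    # A default Windows hosts file contains only comments, so every active
    # entry deserves review (for example security sites pointed elsewhere).
    param([string]$Path = "$env:SystemRoot\System32\drivers\etc\hosts")
    Get-Content -LiteralPath $Path | ForEach-Object {
        $line = ($_ -replace '#.*$', '').Trim()
        if ($line) {
            $ip, $names = $line -split '\s+'
            foreach ($n in $names) {
                [pscustomobject]@{ Address = $ip; HostName = $n }
            }
        }
    }
}

Get-DefenderTamperSigns | Format-List
Get-UpdateServiceState  | Format-Table -AutoSize
Get-HostsOverrides      | Format-Table -AutoSize
```

A service reported as MISSING, real-time protection that is off, exclusions nobody on the machine added, or any active hosts entry is a reason to investigate the host further.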

In addition to game hacks, these coin miners are also spread by targeting people who want to use genuine programs for free. Representative examples are the various ‘cracked version’ programs distributed through web hard drives, torrents, etc. A crack program is a program that disables the functions that prevent copying or unauthorized distribution of genuine software, or a version of the software unlocked by such a program.

In January last year, ASEC detected malicious code in a cracked version of the Hangul word processor on a web hard drive and warned users to be cautious. In August 2022, it confirmed that malware was being distributed through web hard drives along with illegal programs such as adult games or cracked versions of games.

[Copyright @Money Today. Unauthorized reproduction and redistribution prohibited]
