
Dangerous games: a new malicious miner has been found in Russia

A new malicious miner operating under the guise of simulation games has been discovered in Russia. According to preliminary data, several thousand people have already been affected in a month. The virus has been spreading widely since the end of last year. It is installed together with the infected game and disables computers, slowing them down and stealing data, and it also uses the devices to carry out DDoS attacks. Izvestia explains how to protect yourself from such malware.
What risks a hidden miner carries for the user
Under the guise of free versions of computer games, attackers distributed Trojans on torrent trackers (services for downloading programs); these Trojans download a modified version of the XMRig miner onto the computer. The campaign to spread it began on December 31, 2024, Kaspersky Lab's global threat research and analysis center told Izvestia.
The attackers deliberately chose the holiday period for the launch, when users' vigilance decreases and interest in entertainment content can grow. According to experts, users in Russia, Belarus, Kazakhstan, Brazil and Germany encountered this threat.
The malware was distributed under the guise of simulation games such as BeamNG.drive, Dyson Sphere Program, Universe Sandbox, Plutocracy and Garry's Mod. After installing the infected version of the game, users received a hidden miner on their device. According to the preliminary results of the study, several thousand users encountered a miner mimicking five games in one month alone (from December 31, 2024 to January 31, 2025), Kaspersky Lab said.
"Consumers should not underestimate the risks posed by miners. In some cases, such unwanted programs turn out to be modules of more complex malware that secretly runs on the device," explained Tatiana Shishkova, a leading expert at Kaspersky GReAT.
The miner consumes significant CPU and video card resources, which leads to system slowdowns, freezes and overheating of components, explained Igor Bederov, head of T.Hunter's Investigations Department. Some miners contain additional modules such as stealers that extract data from cryptocurrency wallets, browsers and other applications, the expert emphasized.
"In the course of their work, users can lose their game accounts, currency or even bank card data. Finally, infected devices can be included in a botnet for mass mining of cryptocurrency for the benefit of attackers," said Igor Bederov.
To avoid falling into the trap, it is worth taking personal security measures: installing an antivirus with protection against miners, downloading games only from official sources, and updating software and the operating system in a timely manner, the expert recommends.
The press service of RuStore told Izvestia that the application store now has a multi-stage system of checking downloaded products. They are checked by anti-virus technologies of Kaspersky Lab and manually moderated to exclude the presence of malicious code, banned content and spam.
Thanks to the integrated approach, RuStore users can be sure that the content downloaded from the app store is safe, the company added.
How to recognize a miner on a PC
Attackers can also embed complex malware into such games, said Shaih Galiev, head of the PT Sandbox expertise department of the Positive Technologies anti-virus laboratory. Once a device is infected, any other information security threat can materialize, such as theft of confidential information and credentials, remote access to the device, and its use in DDoS attacks.
According to him, to avoid all this, it is worth paying attention to the reviews of downloaded content, even content distributed on official sites. You should not rush to download newly published software releases.
"If the software is already installed, you should evaluate whether suspicious processes are created in the system and whether there is an abnormal load of resources that is not related to your activity," said the expert.
Pavel Evtikhov, head of the SkyDNS implementation department, recommends checking the computer's load. If all of its resources are busy for no apparent reason, it is likely to be infected with a miner and the user should contact a specialist.
Under current conditions, it is impossible to mine cryptocurrency alone. Special mining pools are used for this purpose, where one large task is split into several small pieces and distributed to each user. Therefore, professional PC users can be advised to block the addresses of all mining pools to ensure their safety, added Pavel Evtikhov.
If the infection has already occurred, you should disconnect your computer from the network, remove the malware and run a full antivirus scan to make sure there are no other threats, summarized Alexei Grishin, head of the Infosecurity pentest (Softline Group).