Monero mining malware hidden inside popular game torrents

Source Cryptopolitan

Hackers launched a mass infection campaign to distribute a Monero mining program that could be activated remotely. The hackers delivered the mining payload via popular game torrents and primarily targeted gamers, as gaming PCs commonly tend to have stronger processors with more than 8 cores.

According to a recent report by Kaspersky, hackers launched a mass infection campaign of popular game torrents like Garry’s Mod, Dyson Sphere Program, and Universe Sandbox to distribute Monero mining application. The hackers could activate this application remotely.

Monero mining malware hidden inside popular game torrents
Pie-chart showing the distribution of affected users by game (Source: Kaspersky)

Popular sandbox and simulator games were chosen to distribute the mining program, and the hackers specifically picked games requiring minimal disk space.

The hackers delivered the mining payload via a cracked game installer. Often, such cracked installers require users to turn off their anti-virus to install.

The campaign was referred to as StaryDobry, and it took advantage of torrents consisting of compressed files of the games for quicker downloads.

Kaspersky mentioned that the infections were initially detected in January 2025. However, the campaign started much earlier, in December 2024.

In fact, the campaign has been in preparation since September 2024, at the very least, when the initial versions of these games were uploaded. However, this was only the distribution phase.

The Monero mining program targets processors with 8 cores and above

According to Kaspersky, the remote Monero mining program was activated on 31st December. The functionality of the miner ensures that it makes the most out of the processor’s cores. It first checks if the computer has a process with eight cores or more for the highest yields. If the processor has less than 8 cores, the mining program will not be activated.

Due to this use case, the hackers primarily targeted gamers because gaming PCs are usually equipped with faster processors and strong hardware. According to Kaspersky’s data, most of these infections happened in Russia. However, cases have also been registered in Kazakhstan, Brazil, Germany, and Belarus.

As of yet, the team behind this mass infection hasn’t been identified. However, Kaspersky has reasons to believe that a Russian group is behind the malware, as some of its files use the Russian language. Also, a greater number of infections were reported within Russia.

Cryptopolitan Academy: Are You Making These Web3 Resume Mistakes? - Find Out Here

Disclaimer: For information purposes only. Past performance is not indicative of future results.
placeholder
Bitcoin Cash Price Prediction: BCH targets 52-week high as on-chain data indicate room for growthBitcoin Cash (BCH) is trading in the green by 2% at press time on Thursday, following a 6.39% price surge on Wednesday.
Author  FXStreet
Jun 26, Thu
Bitcoin Cash (BCH) is trading in the green by 2% at press time on Thursday, following a 6.39% price surge on Wednesday.
placeholder
Gold price declines to fresh two-week low, further below $3,300 ahead of US PCE dataGold price (XAU/USD) attracts fresh sellers following the previous day's directionless price move and slides back below the $3,300 mark during the Asian session on Friday.
Author  FXStreet
21 hours ago
Gold price (XAU/USD) attracts fresh sellers following the previous day's directionless price move and slides back below the $3,300 mark during the Asian session on Friday.
placeholder
US core PCE inflation set to tick up slightly as markets mull timing of Federal Reserve rate cuts The United States (US) Bureau of Economic Analysis (BEA) will publish the Personal Consumption Expenditures (PCE) Price Index data for May on Friday at 12:30 GMT. 
Author  FXStreet
21 hours ago
The United States (US) Bureau of Economic Analysis (BEA) will publish the Personal Consumption Expenditures (PCE) Price Index data for May on Friday at 12:30 GMT. 
placeholder
Why Hasn't Ethereum Broken Through the $2,500 Key Level?Ethereum (ETH) fell nearly 1% in early trading on Friday. As of this writing, Ethereum is trading around $2,440.
Author  Insights
19 hours ago
Ethereum (ETH) fell nearly 1% in early trading on Friday. As of this writing, Ethereum is trading around $2,440.
placeholder
EUR/USD consolidates near highs as investors ramp up bets for Fed rate cuts The EUR/USD pair appreciates for the seventh consecutive day but remains capped below the nearly four-year high at 1.1745 reached on Thursday.
Author  FXStreet
18 hours ago
The EUR/USD pair appreciates for the seventh consecutive day but remains capped below the nearly four-year high at 1.1745 reached on Thursday.
goTop
quote