
Pirated Game Torrents Exploited to Spread Crypto-Mining Malware

Cybercriminals exploited torrents for pirated games to launch a mass malware infection campaign, embedding crypto-mining malware into installers for popular titles such as Garry’s Mod, BeamNG.drive, Dyson Sphere Program, Universe Sandbox, and Plutocracy, according to Kaspersky.

The malicious campaign, which began on New Year’s Eve, targeted Windows PCs by distributing trojanized game installers through torrent networks. After months of preparation, hackers initiated a “one-shot campaign” on December 31, when the infected games received a command from the attackers’ servers to download and execute a cryptocurrency miner.

Kaspersky’s investigation revealed that the malware first fingerprints the victim machine and determines its geographic location. It then installs a slightly modified version of the XMRig miner executable, but only activates on systems with eight or more CPU cores. This selective approach allowed the attackers to focus on high-performance gaming machines capable of sustaining profitable mining operations, silently harnessing their computing power to generate Monero cryptocurrency.

The malware is designed with several safeguards. To avoid analysis, it terminates itself if it detects a debugging environment, such as a virtual machine. Portions of its code also include Russian language elements. While the infection wave primarily affected users in Russia, additional cases were detected in Belarus, Kazakhstan, Germany, and Brazil.

Kaspersky noted that the cybercriminals appear to have shut down their campaign on January 27. In response, the company has updated its antivirus definitions to detect and block the threat. The campaign serves as a reminder of the dangers posed by pirated software downloads.

Authorities and security experts continue to warn that bootleg downloads are frequently exploited as a conduit for malware, urging users to avoid unauthorized content to protect their systems and personal data.
