Security researchers at Avast write that Crackonosh, which has been around since 2018, has been found in free games given away on forums and torrent sites. They include Grand Theft Auto V, NBA 2K19, Far Cry 5, and Pro Evolution Soccer 2018. Once a machine is infected, the malware surreptitiously installs cryptomining software that mines Monero without the user's knowledge. It's thought to have earned over $2 million for its authors, who are believed to be from the Czech Republic; Crackonosh means "mountain spirit" in Czech folklore.
Avast writes that Crackonosh installs itself by replacing critical Windows system files and abusing Windows Safe Mode to impair system defenses. It's able to avoid detection by disabling security software and operating system updates and by using other anti-analysis techniques, making discovery and removal very difficult.