CoinHelper

Details about a new crypto-miner family named CoinHelper were revealed by researchers. According to their findings, the crypto-miner threat has been in circulation since at least 2020 and has managed to generate over $330, 000 for its creators. CoinHelper appears to be using the same tactics as another crypto-miner tracked as Crackonosh, but on a much larger scale. Indeed, while Crackonosh was found injected only into cracked versions of popular video games, CoinHelper is distributed inside all kinds of cracked, illegal, and unauthorized software products. The victim's resources hijacked by CoinHelper were primarily used to mine for Monero coins followed by Bitcoin and Ethereum.

Thousands of Weaponized Cracked Applications

The creators of CoinHelper focused their efforts on infecting people looking to obtain pirated software products. They hid the crypto-miner threat in a wide range of applications - from games and game cheat engines to popular tools, such as WinRAR. Other cracked applications that carried the threat include Google Chrome, Microsoft products such as Office and Windows 11, and even numerous cybersecurity solutions from nearly all vendors. In total, over 2,700 different applications have been identified to have been bundled with CoinHelper.

The main targets of the attackers appear to be Russian-speaking users based on the fact that the majority of detected applications were either a Russian-language version of the product or were spread on Russian forums. It shouldn't come as a surprise then that around 38% of the CoinHelper attacks were in Russia. The second most-targeted country was Ukraine, accounting for around 19% of infections.