Gamers were delighted with the release of the world’s second most popular video game, Grand Theft Auto V (GTA 5), by Rockstar North. It was in every way a modder’s dream, as it allowed gamers to change the base game to a great extent. However, given the game’s high profile and extreme popularity, cybercriminals were bound to find ways of exploiting and profiting from it. Cryptocurrency mining, the latest fad among hackers, is the primary mode of exploitation of GTA 5.
According to researchers, a mod maker going by the online handle ‘Anton’ is reportedly distributing malware in GTA 5 mods. The young, Russian-speaking cybercriminal is apparently trying to secretly hijack victims’ computing power to mine cryptocurrency. The GTA 5 mod maker was discovered by researchers at Minerva Labs, a cybersecurity firm.
According to their findings, the Arbuz GTA 5 mod was used to distribute the malware, and Anton was found to be using the WaterMiner malware to mine cryptocurrency. WaterMiner is a modified version of the legitimate open-source XMRig miner. Through the malware, Anton successfully harvests Monero coins. All this is done without alerting the mod user.
Arbuz means watermelon in Russian, which is why researchers have labeled the malware WaterMiner. The malware is capable of evading all sorts of detection tools and can also hide from the Windows Task Manager and other monitoring services that are meant to keep tabs on computer resources. If WaterMiner identifies that a computer monitoring tool is trying to detect it, the malware instantly aborts the process and shuts down mining, after which it goes into hibernation.
A developer using the alias Martin 0pc0d3r is responsible for creating WaterMiner. Researchers were able to locate the developer because of the poor track-covering measures the developer had implemented. It was due to the same careless attitude that researchers could trace Anton. Anton’s aim was to capitalize on the games most in demand in Russia, which is why he hid the malware in the fiercely popular GTA 5. We suggest that you be cautious when installing mods, and about the platforms you download them from, in order to stay protected.
Anton, for your information, has become quite popular for his Twitter rants, in which he claims to have immense hacking expertise and boasts about his experience as a hacker. The researchers noted that “It is clear that we are not dealing with an experienced cybercriminal.”
Minerva researchers are expecting more fireworks from Anton and other hackers as the trend of employing malware-based miners gains momentum. “It seems that Monero also attracts resourceful individuals who are not the classic attackers we might imagine as criminal masterminds, just like Alaska lured many unskilled miners during the gold rush,” stated the researchers at Minerva.
In a tweet, FiveM, a modification framework for GTA V, said that they had issued a security update just to stop users from adding miners to their code. But it looks like things are already out of control.
A minor FiveM update has been released with some small fixes, and blocking of 'coinhive' mining services. Thanks for the reports!
— Cfx.re/FiveM (@FiveM) October 1, 2017
The trend of using cryptocurrency miners is at its peak. It was The Pirate Bay that was caught secretly using Coinhive’s script to mine Monero digital coins. After that, researchers discovered that more than 500 websites are currently mining cryptocurrency without user consent.