According to Kaspersky, the campaign started last December, targeting users who download torrents of popular games with a silent install of XMRig, a Monero mining program.

Crypto Malware Targets Gamers: Monero Mining Payload Delivered via Popular Game Torrents

Hackers are now targeting gamers, who have capable computers, with crypto-mining malware. According to Kaspersky, the Russian cybersecurity company, crypto criminals have begun using torrents of popular games, including BeamNG.drive, Garry’s Mod, Dyson Sphere Program, Universe Sandbox, and Plutocracy, to distribute Monero mining applications that can be activated remotely.

The mining payload is delivered through a crack installer that sidesteps the copy-protection system, allowing the user to install and play the downloaded game. The campaign, named “StaryDobry,” takes advantage of the torrent distribution of so-called repacks, compressed instances of the games that allow for faster downloads of these cracked versions.

Kaspersky states that it started detecting these infections in January 2025. Nonetheless, the company’s investigation shows that the campaign had been in preparation since at least September, when the first versions of these game releases were uploaded. However, this was just a distribution phase, as the instances of XMRig, the Monero mining program, were activated remotely starting December 31, when Kaspersky detected the first mass infection.

The miner first checks whether the computer where it is installed has a processor with eight or more cores, as these would provide the largest yields for the attacker. If the computer on which the installer runs has a processor with fewer than eight cores, the Monero miner does not activate due to poor performance. This explains the attack vector detected, as gaming rigs are usually built with powerful hardware for better gaming performance.

Kaspersky revealed that most infections happened in Russia, with additional cases registered in Belarus, Kazakhstan, Germany, and Brazil. While the team behind this campaign has not been identified, Kaspersky believes that it could be a Russian group, given the use of the Russian language in some of its files and the size of the infection in Russia.