
Malicious torrent available for download
Since late 2024, cybercriminals have been actively infecting user computers in Russia, Belarus, Kazakhstan, Brazil, and Germany with a stealthy XMRig cryptocurrency miner. The malicious payload was distributed via torrent trackers, disguised as popular simulation games.
Experts at Kaspersky Lab uncovered that the campaign began on December 31, 2024, and continued until late January 2025. However, infected game versions had started surfacing as early as autumn. According to researchers, 70.5% of affected users unknowingly downloaded a compromised version of BeamNG.drive, one of the most widely played simulation games. The malware was also found embedded in Dyson Sphere Program, Universe Sandbox, Plutocracy, and Garry’s Mod.
XMRig is an open-source cryptocurrency mining tool, primarily used to mine Monero (XMR). Once deployed, it hijacks system resources, overloading the CPU and GPU. The infected versions of the five games named above secretly installed the miner on users’ devices, with BeamNG.drive accounting for the vast majority of infections (70.5%) according to Kaspersky’s analysis.
Upon installing a compromised version of the game, the victim could play without any immediate disruptions, while the malware silently embedded itself within the system through a multi-stage download process. Although the miner is initially concealed, over time users might notice severe system slowdowns, overheating, and increased power consumption. In some cases, constant CPU and GPU overloads could lead to hardware failure.
Cybercriminals strategically orchestrated the attack around the New Year holidays, a period when users are less cautious and more inclined to download entertainment content. Furthermore, gaming PCs are particularly attractive targets for cryptominers, as they boast high-performance hardware.
Experts caution that stealth miners may serve as components of more complex malware, potentially executing additional malicious activities beyond cryptocurrency mining.