large image

Trusted Reviews is supported by its audience. If you purchase through links on our site, we may earn a commission. Learn more.

GTA 5 PC mod responsible for spreading Monero mining malware

Rockstar’s Grand Theft Auto V is a modders dream on the PC, allowing gamers to drastically alter the base game; but it also means hackers can cause havoc.

One Russian-speaking mod maker is busy spreading malware into GTA 5 mods to secretly hijack a victim’s computer power to mine the Monero cryptocurrency.

The ‘Arbuz’ GTA V mod was identified by researchers at cyber security company Minerva Labs as the source of the malware spread. They discovered that mod-maker ‘Anton’ was using malware dubbed WaterMiner, which uses an altered version of the legitimate open-source XMRig miner to craftily harvest Monero coins without a mod user knowing it.

WaterMiner, which gets its name from Arbuz meaning watermelon in Russian, also evades monitoring tools and can hide from the Windows Task Manager and other services that monitor the use of a computer’s resources. If it detects that a PC monitoring tool is searching for it WaterMiner closes down the mining process and goes into hiding.

The WaterMiner malware was found to be made by a person going by the alias of “Martin 0pc0d3r”, which Minerva researchers traced back to its source due to the malware developer’s poor track covering and identified that the malware maker was also Anton, a young Russian man who has been pretty vocal on Twitter about his claimed hacking prowess.

“It is clear that we are not dealing with an experienced cyber criminal,” noted Minerva’s researchers.

All the signs point toward Anton deliberately hiding malware in his GTA V mod with the goal to capitalise on Russia’s high demand for game mods. And the Minerva security researchers expect to see more of such malware-based miners crop up as people look to make money through emerging cryptocurrency.

“In the world of cyber crime, we often come-across well-organised gangs. However, it seems that Monero also attracts resourceful individuals who are not the classic attackers we might imagine as criminal masterminds, just like Alaska lured many unskilled miners during the gold rush,” the researchers said.

With that in mind, it’s worth taking care with the mods you might be installing and where you’re downloading them from; mod repositories like the Steam Workshop have vetting processes to keep malicious mods at bay.

Related: GTA V 4K graphics mod

Do you have any modding horror stories? If so, let us know on Facebook or tweet @TrustedReviews. 

Why trust our journalism?

Founded in 2004, Trusted Reviews exists to give our readers thorough, unbiased and independent advice on what to buy.

Today, we have millions of users a month from around the world, and assess more than 1,000 products a year.

author icon

Editorial independence

Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.

author icon

Professional conduct

We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.