Russian GTA V modder caught illegally mining Monero

Each day, we become witnesses to the increasing popularity of the Monero cryptocurrency and the rising number of malware developers who seek to make quick money by forcing the PCs of regular users to mine Monero for their profit. The idea is simple, a script is added to the code of an application, a website or even a game mode which commands the PC to use its processor power to mine Monero, which gets sent to the person behind all this. In itself, this isn’t really dangerous to the computer but it normally leads to a severe productivity slow-down due to an excessive processor use.

Monero miners aren’t all illegal, however, there are several legitimate miners such as CoinHive and Crypto-Loot (more information on CoinHive and Crypto-Loot) but even those tend to oftentimes get implemented within apps and websites in an illegitimate way since the users are either not notified about the miner and/or aren’t given an option to disable it. This leads to a lot of people believing that even the legitimate miners are some form of malware.

Opc0d3r and WaterMiner

Recently, yet another instance of illegal Monero mining was detected coming from Russia. A Russian modder, who has been creating mods for the popular game GTA V seems to have added a modified version of the legitimate XMRig miner that allows him to mine Monero through the PCs of people who download and use its mode. The person behind this goes by the online alias of opc0d3r and the miner utility that he uses in his mode is called WaterMiner. The name of the mode that carries the mining script is presumably called Arbuz.

The hacker might have been revealed

Due to lack of operational security and possibly due to lack of experience, the hacker’s identity has likely been revealed by researchers at Minerva Labs. Apparently, opc0d3r, or if we use his real-life name Anton, has posted links to his mods on his VK account. At a certain point, users started complaining that he has been stealing opc0d3r’s tools and making money off them to which he replied that he was in fact the mods’ creator, opc0d3r.

Still, though the modder seems to have done a sloppy job when it came to protecting his anonymity, his Monero mining utility, WaterMiner, is actually rather impressive according to Omri Moyal, a Minerva Co-Founder. The miner had persistence through the PC’s Registry and support for ceasing mining operations when the user was trying to debug their computer. Also, there were other potential features that opc0d3r/Anton might have wanted to use in future.

Monero Miners on the Rise

Since the middle of September and the release of the CoinHive Javascript miner, software and especially malware developers have found numerous ways to earn money through Monero miners. Unfortunately, even though this can be done legitimately and with the user’s consent, most of the time, it is not. The good news is, though, that if you want to protect yourself against unwanted miners, you an do so in a number of ways. Most good antivirus programs already have added a feature that stops those miners or at least notifies you if something tries to force your PC into generating Monero. Also, ad-blockers can also do a good job at blocking miners. There are even a couple of dedicated Google Chrome add-ons that can help – minerBlock, No Coin and AntiMiner.


Boris is a writer and an editor of the articles on Malware Complaints. His mission is to provide the readers of our website with essential information and details with regards to various malicious programs, software viruses, potentially unwanted applications and any other form of malware that you, the users, might encounter. In addition, he also posts reviews of different programs and applications as well as news articles on various interesting and important topics related to the software world.

Leave a Reply

Your email address will not be published. Required fields are marked *