Malicious Windows KMSPico Activator Steals Users’ Cryptocurrency Wallets


Users seeking to activate Windows without a digital license or product key are being targeted by tainted installers that deploy malware designed to steal credentials and other information from cryptocurrency wallets.

The malware, nicknamed “CryptBot”, is an information stealer capable of obtaining credentials for browsers and cryptocurrency wallets, browser cookies, and credit card data, and of capturing screenshots of infected systems. It is deployed via pirated software; in the latest attack, the malware masquerades as KMSPico.

KMSPico is an unofficial tool used to activate the full functionality of pirated copies of software such as Microsoft Windows and Office products without a license key.

“User is infected by clicking on one of the malicious links and downloading KMSPico, Cryptbot or other malware without KMSPico,” Tony Lambert, a researcher at Red Canary, noted in a report released last week. “Opponents are also installing KMSPico, because that’s what the victim expects to happen, while simultaneously deploying Cryptbot behind the scenes.”

The US cybersecurity company said it has also observed several IT departments using illegitimate software instead of legitimate Microsoft licenses to activate systems, adding that the modified KMSPico installers are distributed through a number of websites that claim to offer the “official” version of the activator.

This is far from the first time that cracked software has emerged as a means of deploying malware. In June 2021, Czech cybersecurity software company Avast disclosed a campaign dubbed “Crackonosh” that involved distributing illegal copies of popular software in order to abuse compromised machines to mine cryptocurrency, netting the attacker over $2 million in profits.

