
Malicious KMSPico Windows Activator Stealing Users’ Cryptocurrency Wallets

Users looking to activate Windows without using a digital license or a product key are being targeted by tainted installers to deploy malware designed to plunder credentials and other information in cryptocurrency wallets.

The malware, dubbed “CryptBot,” is an information stealer capable of harvesting browser credentials, cryptocurrency wallet data, browser cookies, and credit card details, and of capturing screenshots from infected systems. Deployed via cracked software, the latest attack involves the malware masquerading as KMSPico.


KMSPico is an unofficial tool that’s used to illicitly activate the full features of pirated copies of software such as Microsoft Windows and Office suite without actually owning a license key.


“The user becomes infected by clicking one of the malicious links and downloading either KMSPico, Cryptbot, or another malware without KMSPico,” Red Canary researcher Tony Lambert said in a report published last week. “The adversaries install KMSPico also, because that is what the victim expects to happen, while simultaneously deploying Cryptbot behind the scenes.”


The American cybersecurity firm said it also observed several IT departments using the illegitimate software instead of valid Microsoft licenses to activate systems, adding that the altered KMSPico installers are distributed via a number of websites that claim to be offering the “official” version of the activator.

This is far from the first time cracked software has emerged as a conduit for deploying malware. In June 2021, Czech cybersecurity software company Avast disclosed a campaign dubbed “Crackonosh” that involved distributing illegal copies of popular software to break into and abuse the compromised machines to mine cryptocurrency, netting the attacker over $2 million in profits.


Ravie Lakshmanan
