Crypto Opinions & News Malicious KMSPico installers steal your cryptocurrency wallets

Disclaimer: Any information contained on this forum is provided as general market commentary, and does not constitute investment, financial, trading or other sort of advice.

silversurfer

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,147
Content source
https://www.bleepingcomputer.com/news/security/malicious-kmspico-installers-steal-your-cryptocurrency-wallets/
Threat actors are distributing altered KMSpico installers to infect Windows devices with malware that steals cryptocurrency wallets.

This activity has been spotted by researchers at Red Canary, who warn that pirating software to save on licensing costs isn't worth the risk.

KMSPico is a popular Microsoft Windows and Office product activator that emulates a Windows Key Management Services (KMS) server to activate licenses fraudulently.

According to Red Canary, many IT departments using KMSPico instead of legitimate Microsoft software licenses are much bigger than one would expect.

"We've observed several IT departments using KMSPico instead of legitimate Microsoft licenses to activate systems," explained Red Canary intelligence analyst Tony Lambert. "In fact, we even experienced one ill-fated incident response engagement where our IR partner could not remediate one environment due to the organization not having a single valid Windows license in the environment."
Click to expand...
A malicious KMSPico installer analyzed by RedCanary comes in a self-extracting executable like 7-Zip and contains both an actual KMS server emulator and Cryptbot.

"The user becomes infected by clicking one of the malicious links and downloads either KMSPico, Cryptbot, or another malware without KMSPico," explains a technical analysis of the campaign, "The adversaries install KMSPico also, because that is what the victim expects to happen, while simultaneously deploying Cryptbot behind the scenes."
Click to expand...
www.bleepingcomputer.com

Malicious KMSPico installers steal your cryptocurrency wallets

Threat actors are distributing altered KMSpico installers to infect Windows devices with malware that steals cryptocurrency wallets.
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • Like
  • Wow
  • +Reputation
Reactions: brambedkar59, plat, struppigel and 7 others
Gandalf_The_Grey

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,566
Cyber threat alert: Pay for Windows or face the wrath of Cryptbot malware
What you need to know
  • Hackers are utilizing a fake version of KMSPico to spread Cryptbot malware to PCs.
  • The authentic version of KMSPico is a tool used by pirates to bypass Windows and Office license requirements.
  • The attack is particularly dangerous because using KMSPico often requires people to disable antimalware software.
A popular pirating tool is being imitated by malicious actors in an attempt to spread malware. According to a report by Red Canary from December 2, 2021, fake versions of KMSPico have been utilized to get malware onto PCs. If someone allows their system to be compromised by the fake software, the Cryptbot malware can steal credentials.

KMSPico is a tool used to circumvent license fees for Windows and Office. It uses Windows Key Management Services — a tool frequently used for legitimate reasons by enterprise clients — to fraudulently activate software.

Because KMSPico is used to pirate software, many antimalware tools flag it as a potentially unwanted program (PUP). Because of this, pirates will often disable security features to use KMSPico. This makes a fake version of the software is especially dangerous, as PC owners may have voluntarily left themselves defenseless.

Cryptbot can collect sensitive information from the following applications:
  • Atomic cryptocurrency wallet
  • Avast Secure web browser
  • Brave browser
  • Ledger Live cryptocurrency wallet
  • Opera Web Browser
  • Waves Client and Exchange cryptocurrency applications
  • Coinomi cryptocurrency wallet
  • Google Chrome web browser
  • Jaxx Liberty cryptocurrency wallet
  • Electron Cash cryptocurrency wallet
  • Electrum cryptocurrency wallet
  • Exodus cryptocurrency wallet
  • Monero cryptocurrency wallet
  • MultiBitHD cryptocurrency wallet
  • Mozilla Firefox web browser
  • CCleaner web browser
  • Vivaldi web browser
Click to expand...
www.windowscentral.com

Cyber threat alert: Pay for Windows or face the wrath of Cryptbot malware

Pirating is particularly risky these days due to Cryptbot malware hidden in fake versions of KMSPico.
www.windowscentral.com www.windowscentral.com
 
  • Like
  • +Reputation
  • Wow
Reactions: brambedkar59, harlan4096, plat and 4 others

Similar threads

silversurfer
    • +Reputation
    • Like
New DoubleFinger Loader Targets Cryptocurrency Wallets with Stealer
Replies
0
Views
763
News Archive
silversurfer
silversurfer
MuzzMelbourne
    • +Reputation
    • Applause
Crypto Opinions & News Prominent cryptocurrency exchange infected with previously unseen Mac malware
Replies
0
Views
411
Crypto News
MuzzMelbourne
MuzzMelbourne
silversurfer
    • +Reputation
    • Like
Lookalike Telegram and WhatsApp Websites Distributing Cryptocurrency Stealing Malware
Replies
0
Views
554
News Archive
silversurfer
silversurfer

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top