Software can be expensive, so instead of buying a license, some people decide to pirate the app. But according to Red Canary, hackers are spreading Cryptbot malware using fake versions of a popular software piracy tool.
The tool in question is called KMS Pico, and Red Canary states that it is used to “activate all features of Microsoft Windows and Office products without actually owning a license key.” Security tools usually block KMS Pico, so it often comes with steps to disable these protections, which leaves your system vulnerable to malware.
This is where Cryptbot comes in. “It harms the organization by stealing credentials and other sensitive information from affected systems,” Red Canary said. According to the company, much of that personal data has been stolen from cryptocurrency-related software such as:
- Atomic cryptocurrency wallet
- LedgerLive cryptocurrency wallet
- Waves client and Exchange cryptocurrency application
- Coinomi cryptocurrency wallet
- Jaxx Liberty cryptocurrency wallet
- Electron Cash cryptocurrency wallet
- Electrum cryptocurrency wallet
- Exodus cryptocurrency wallet
- Monero cryptocurrency wallet
- MultiBit HD cryptocurrency wallet
According to Red Canary, Cryptbot also tries to steal information from the Google Chrome, Mozilla Firefox, Opera, Brave and Vivaldi web browsers and the CCleaner system management tool. However, the extensive list of wallet software targeted by Cryptbot shows that crypto enthusiasts are a valuable target.
The best way to protect yourself from this scheme seems to be not looking for a KMS Pico download in the first place. “The life of a pirate is not our life, especially when it comes to cracked software,” says Red Canary. “Save the hassle and choose a legitimate and supported activation method.”
Source: Hackers disguise Cryptbot malware as Windows activator, https://www.tomshardware.com/uk/news/hackers-use-kmspico-spread-cryptbot-malware